diff --git a/examples/programs/flag.mlw b/examples/programs/flag.mlw
index 9101b1791f87b43a5f3a93a14e6107f92373d128..2aac29187fdb1801ff98e35d719997f48e61b1e1 100644
--- a/examples/programs/flag.mlw
+++ b/examples/programs/flag.mlw
@@ -19,7 +19,7 @@ module Flag
       a[i] <- a[j];
       a[j] <- v
     end
-    { exchange a (old a) i j }
+    { exchange (old a) a i j }
 
   let dutch_flag (a:array color) (n:int) =
     { 0 <= n /\ length a = n }
@@ -33,7 +33,7 @@ module Flag
                    monochrome a !b !i White /\
                    monochrome a !r n  Red /\
                    length a = n /\
-                   permut_sub a (at a 'Init) 0 n }
+                   permut_sub (at a 'Init) a 0 n }
        variant { !r - !i }
        match a[!i] with
        | Blue ->
@@ -51,7 +51,7 @@ module Flag
         monochrome a 0 b Blue /\
         monochrome a b r White /\
         monochrome a r n Red)
-      /\ permut a (old a) }
+      /\ permut (old a) a }
 
 end
 
diff --git a/examples/programs/flag/why3session.xml b/examples/programs/flag/why3session.xml
index 9e5d70e13a831dc3a39712f15f49f42e9ac5526c..6b52c87c9797e93ce24134b5a9cdfb2bb68b363b 100644
--- a/examples/programs/flag/why3session.xml
+++ b/examples/programs/flag/why3session.xml
@@ -1,266 +1,325 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE why3session SYSTEM "why3session.dtd">
 <why3session name="examples/programs/flag/why3session.xml">
- <file name="../flag.mlw" verified="true" expanded="true">
-  <theory name="WP Flag" verified="true" expanded="true">
-   <goal name="WP_parameter swap" expl="correctness of parameter swap" sum="57952bfe7c7360743d0f0102996ac86f" proved="true" expanded="true">
+ <prover id="alt-ergo" name="Alt-Ergo" version="0.93"/>
+ <prover id="coq" name="Coq" version="8.2pl1"/>
+ <prover id="cvc3" name="CVC3" version="2.2"/>
+ <prover id="eprover" name="Eprover" version="0.7 Dhajea"/>
+ <prover id="gappa" name="Gappa" version="0.14.0"/>
+ <prover id="simplify" name="Simplify" version="1.5.4"/>
+ <prover id="yices" name="Yices" version="1.0.13"/>
+ <prover id="z3" name="Z3" version="2.13"/>
+ <file name="../flag.mlw" verified="false" expanded="true">
+  <theory name="WP Flag" verified="false" expanded="true">
+   <goal name="WP_parameter swap" expl="correctness of parameter swap" sum="933150befd5b3652581f6f26b48b7c6e" proved="true" expanded="true" shape="aexchangeV3V5V1V2Iainfix =V5asetV4V2agetV3V1FAainfix <V2V0Aainfix <=c0V2Iainfix =V4asetV3V1agetV3V2FAainfix <V1V0Aainfix <=c0V1Aainfix <V2V0Aainfix <=c0V2Aainfix <V1V0Aainfix <=c0V1Iainfix <V2V0Aainfix <=c0V2Aainfix <V1V0Aainfix <=c0V1FFFF">
     <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-     <result status="valid" time="0.01"/>
+     <result status="valid" time="0.03"/>
     </proof>
    </goal>
-   <goal name="WP_parameter dutch_flag" expl="correctness of parameter dutch_flag" sum="b1e45240b530a8f41beb99d5e66e52f6" proved="true" expanded="true">
-    <transf name="split_goal" proved="true" expanded="true">
-     <goal name="WP_parameter dutch_flag.1" expl="loop invariant init" sum="10209b9343c7272c86f3817137cfc8b1" proved="true" expanded="true">
-      <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-       <result status="valid" time="0.02"/>
-      </proof>
-     </goal>
-     <goal name="WP_parameter dutch_flag.2" expl="precondition" sum="a11e5e768ab95f9ec8e7121cd08ad067" proved="true" expanded="true">
-      <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-       <result status="valid" time="0.01"/>
-      </proof>
-     </goal>
-     <goal name="WP_parameter dutch_flag.3" expl="correctness of parameter dutch_flag" sum="5bfad2270a8b86a9b24e014cc4ae319d" proved="true" expanded="true">
+   <goal name="WP_parameter dutch_flag" expl="correctness of parameter dutch_flag" sum="b5d3289f20a205da568b4d556d40d4a9" proved="false" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7iainfix <V5V4CagetV7V5aBlueLamk arrayV0V9ainfix <ainfix -V4V12ainfix -V4V5Aainfix <=c0ainfix -V4V5Aapermut_subV2V9c0V1Aainfix =V0V1AamonochromeV10V4V1aRedAamonochromeV10V11V12aWhiteAamonochromeV10c0V11aBlueAainfix <=V4V1Aainfix <=V12V4Aainfix <=V11V12Aainfix <=c0V11Iainfix =V12ainfix +V5c1FIainfix =V11ainfix +V6c1FIaexchangeV7V9V6V5FAainfix <V5V0Aainfix <=c0V5Aainfix <V6V0Aainfix <=c0V6aWhiteainfix <ainfix -V4V13ainfix -V4V5Aainfix <=c0ainfix -V4V5Aapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V13aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V13V4Aainfix <=V6V13Aainfix <=c0V6Iainfix =V13ainfix +V5c1FaRedLamk arrayV0V15ainfix <ainfix -V14V5ainfix -V4V5Aainfix <=c0ainfix -V4V5Aapermut_subV2V15c0V1Aainfix =V0V1AamonochromeV16V14V1aRedAamonochromeV16V6V5aWhiteAamonochromeV16c0V6aBlueAainfix <=V14V1Aainfix <=V5V14Aainfix <=V6V5Aainfix <=c0V6IaexchangeV7V15V14V5FAainfix <V5V0Aainfix <=c0V5Aainfix <V14V0Aainfix <=c0V14Iainfix =V14ainfix -V4c1FAainfix <V5V0Aainfix <=c0V5apermutV3V8AamonochromeV8V18V1aRedAamonochromeV8V17V18aWhiteAamonochromeV8c0V17aBlueEEIapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFAapermut_subV2V2c0V1Aainfix =V0V1AamonochromeV3V1V1aRedAamonochromeV3c0c0aWhiteAamonochromeV3c0c0aBlueAainfix <=V1V1Aainfix <=c0V1Aainfix <=c0c0Aainfix <=c0c0Iainfix =V0V1Aainfix <=c0V1FFF">
+    <transf name="split_goal" proved="false" expanded="true">
+     <goal name="WP_parameter dutch_flag.1" expl="loop invariant init" sum="dcc62613cd7c5edaad8ffaac79602025" proved="true" expanded="true" shape="Lamk arrayV0V2apermut_subV2V2c0V1Aainfix =V0V1AamonochromeV3V1V1aRedAamonochromeV3c0c0aWhiteAamonochromeV3c0c0aBlueAainfix <=V1V1Aainfix <=c0V1Aainfix <=c0c0Aainfix <=c0c0Iainfix =V0V1Aainfix <=c0V1FFF">
       <transf name="split_goal" proved="true" expanded="true">
-       <goal name="WP_parameter dutch_flag.3.1" expl="correctness of parameter dutch_flag" sum="e365accc2a42a0cc8f12c193fe6f7bdd" proved="true" expanded="true">
-        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.01"/>
-        </proof>
-       </goal>
-       <goal name="WP_parameter dutch_flag.3.2" expl="correctness of parameter dutch_flag" sum="ce9d01a78e25db4f793de493f69d4848" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.1.1" expl="correctness of parameter dutch_flag" sum="71f916e3bea00ac271b1d509102038cf" proved="true" expanded="true" shape="Lamk arrayV0V2ainfix <=c0c0Iainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.3.3" expl="correctness of parameter dutch_flag" sum="83c17a5ddc696601ff5c3048b3dc5253" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.1.2" expl="correctness of parameter dutch_flag" sum="71f916e3bea00ac271b1d509102038cf" proved="true" expanded="true" shape="Lamk arrayV0V2ainfix <=c0c0Iainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.02"/>
+         <result status="valid" time="0.03"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.3.4" expl="correctness of parameter dutch_flag" sum="73666daa26642b49f28ded67a3ddbea7" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.1.3" expl="correctness of parameter dutch_flag" sum="fa4434dc3f753e4c965a05719c575a26" proved="true" expanded="true" shape="Lamk arrayV0V2ainfix <=c0V1Iainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.01"/>
+         <result status="valid" time="0.03"/>
         </proof>
        </goal>
-      </transf>
-     </goal>
-     <goal name="WP_parameter dutch_flag.4" expl="correctness of parameter dutch_flag" sum="ef8df83bc44b7e045168774b45c6637c" proved="true" expanded="true">
-      <transf name="split_goal" proved="true" expanded="true">
-       <goal name="WP_parameter dutch_flag.4.1" expl="correctness of parameter dutch_flag" sum="35757aa4277435b9ae980a003d1a65ff" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.1.4" expl="correctness of parameter dutch_flag" sum="d7b2673057f4ceb0b821c978b22215ba" proved="true" expanded="true" shape="Lamk arrayV0V2ainfix <=V1V1Iainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.01"/>
+         <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.4.2" expl="correctness of parameter dutch_flag" sum="f753bfe1fa112f6e791618323cd37965" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.1.5" expl="correctness of parameter dutch_flag" sum="c58045f6510bcb78b7069e507b3de9cc" proved="true" expanded="true" shape="Lamk arrayV0V2amonochromeV3c0c0aBlueIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.01"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.4.3" expl="correctness of parameter dutch_flag" sum="f919562ee0d7304d6b06771668481e10" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.1.6" expl="correctness of parameter dutch_flag" sum="490e9693503bcc67ab15474703e80970" proved="true" expanded="true" shape="Lamk arrayV0V2amonochromeV3c0c0aWhiteIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.01"/>
+         <result status="valid" time="0.03"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.4.4" expl="correctness of parameter dutch_flag" sum="15ea5ac504638ca34edcf967f7c24cc0" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.1.7" expl="correctness of parameter dutch_flag" sum="0814a395a50d87bc1d4dce867a6096f0" proved="true" expanded="true" shape="Lamk arrayV0V2amonochromeV3V1V1aRedIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.4.5" expl="correctness of parameter dutch_flag" sum="f60750ed59aee12bd5acd2943c46a3e8" proved="true" expanded="true">
-        <proof prover="coq" timelimit="10" edited="flag_WP_Flag_WP_parameter_dutch_flag_2.v" obsolete="false">
-         <result status="valid" time="0.58"/>
-        </proof>
-       </goal>
-       <goal name="WP_parameter dutch_flag.4.6" expl="correctness of parameter dutch_flag" sum="36f0b4873f192708a089d11d5c148ad1" proved="true" expanded="true">
-        <proof prover="coq" timelimit="10" edited="flag_WP_Flag_WP_parameter_dutch_flag_3.v" obsolete="false">
-         <result status="valid" time="0.61"/>
-        </proof>
-       </goal>
-       <goal name="WP_parameter dutch_flag.4.7" expl="correctness of parameter dutch_flag" sum="646336e39c8c6b60f2520d7c0c00a14a" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.1.8" expl="correctness of parameter dutch_flag" sum="7a53ebadb923e73f879bb9665c7e8c87" proved="true" expanded="true" shape="Lamk arrayV0V2ainfix =V0V1Iainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.45"/>
-        </proof>
-       </goal>
-       <goal name="WP_parameter dutch_flag.4.8" expl="correctness of parameter dutch_flag" sum="0fd49c97da41be8f7638b1729e2b04e2" proved="true" expanded="true">
-        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.4.9" expl="correctness of parameter dutch_flag" sum="83fbea912642a969c0d141567c40cb1b" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.1.9" expl="correctness of parameter dutch_flag" sum="253c8d2e88313c4ee5ab718c90ab3b34" proved="true" expanded="true" shape="Lamk arrayV0V2apermut_subV2V2c0V1Iainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.04"/>
+         <result status="valid" time="0.02"/>
         </proof>
        </goal>
       </transf>
      </goal>
-     <goal name="WP_parameter dutch_flag.5" expl="correctness of parameter dutch_flag" sum="77724cc8047f6dc4f6afeffe144cb11c" proved="true" expanded="true">
+     <goal name="WP_parameter dutch_flag.2" expl="precondition" sum="0d4ee4ed392c3f846eadfb38dfea3d78" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7ainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
       <transf name="split_goal" proved="true" expanded="true">
-       <goal name="WP_parameter dutch_flag.5.1" expl="correctness of parameter dutch_flag" sum="5bce3e7ac9b26ba9e67f1c8f172e0257" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.2.1" expl="correctness of parameter dutch_flag" sum="c2995d522e46ab978ec9d98c911b33ed" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7ainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.5.2" expl="correctness of parameter dutch_flag" sum="09bac77f1bffcacf491e890b6bad0211" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.2.2" expl="correctness of parameter dutch_flag" sum="5e0ff5a593b6f0a649306c2b72663571" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7ainfix <V5V0Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.02"/>
+         <result status="valid" time="0.01"/>
         </proof>
        </goal>
       </transf>
      </goal>
-     <goal name="WP_parameter dutch_flag.6" expl="correctness of parameter dutch_flag" sum="970aa25f73a013b430b622f7e0c26ab2" proved="true" expanded="true">
-      <transf name="split_goal" proved="true" expanded="true">
-       <goal name="WP_parameter dutch_flag.6.1" expl="correctness of parameter dutch_flag" sum="8699caf714abbc0726cf16c3fcfb0dbd" proved="true" expanded="true">
-        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.01"/>
-        </proof>
-       </goal>
-       <goal name="WP_parameter dutch_flag.6.2" expl="correctness of parameter dutch_flag" sum="92196be47ac01d2fe2c45542cce6c76d" proved="true" expanded="true">
+     <goal name="WP_parameter dutch_flag.3" expl="correctness of parameter dutch_flag" sum="ccca04bb54038eb2774fe087e2f99a1f" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBlueainfix <V5V0Aainfix <=c0V5Aainfix <V6V0Aainfix <=c0V6aWhitetaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
+      <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
+       <result status="valid" time="0.03"/>
+      </proof>
+      <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+       <result status="valid" time="0.02"/>
+      </proof>
+     </goal>
+     <goal name="WP_parameter dutch_flag.4" expl="correctness of parameter dutch_flag" sum="4f043ffba022d84745b44b44a65124b8" proved="false" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBlueLamk arrayV0V9apermut_subV2V9c0V1Aainfix =V0V1AamonochromeV10V4V1aRedAamonochromeV10V11V12aWhiteAamonochromeV10c0V11aBlueAainfix <=V4V1Aainfix <=V12V4Aainfix <=V11V12Aainfix <=c0V11Iainfix =V12ainfix +V5c1FIainfix =V11ainfix +V6c1FIaexchangeV7V9V6V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V6V0Aainfix <=c0V6aWhitetaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
+      <transf name="split_goal" proved="false" expanded="true">
+       <goal name="WP_parameter dutch_flag.4.1" expl="correctness of parameter dutch_flag" sum="863b304a6b918913fe31c7d51b5a7b80" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBlueLamk arrayV0V9ainfix <=c0V11Iainfix =V12ainfix +V5c1FIainfix =V11ainfix +V6c1FIaexchangeV7V9V6V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V6V0Aainfix <=c0V6aWhitetaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.6.3" expl="correctness of parameter dutch_flag" sum="7bdc6a40841de2cb245af36e55bf2827" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.4.2" expl="correctness of parameter dutch_flag" sum="7c0e93900a3a8625776b4cfdde01df09" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBlueLamk arrayV0V9ainfix <=V11V12Iainfix =V12ainfix +V5c1FIainfix =V11ainfix +V6c1FIaexchangeV7V9V6V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V6V0Aainfix <=c0V6aWhitetaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.6.4" expl="correctness of parameter dutch_flag" sum="0f3449004ef97d92d8b7b831179422d6" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.4.3" expl="correctness of parameter dutch_flag" sum="1759570f30f56679a3cd44102e76a887" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBlueLamk arrayV0V9ainfix <=V12V4Iainfix =V12ainfix +V5c1FIainfix =V11ainfix +V6c1FIaexchangeV7V9V6V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V6V0Aainfix <=c0V6aWhitetaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.01"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.6.5" expl="correctness of parameter dutch_flag" sum="86c2699f065ce166644577162e6dd6d4" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.4.4" expl="correctness of parameter dutch_flag" sum="2522f75096eec0ac962b9ea1d757c74b" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBlueLamk arrayV0V9ainfix <=V4V1Iainfix =V12ainfix +V5c1FIainfix =V11ainfix +V6c1FIaexchangeV7V9V6V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V6V0Aainfix <=c0V6aWhitetaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.6.6" expl="correctness of parameter dutch_flag" sum="39826dae0f79175ec6205f97ef85c310" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.4.5" expl="correctness of parameter dutch_flag" sum="522aa897b229dc4725efa3b938fa054f" proved="false" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBlueLamk arrayV0V9amonochromeV10c0V11aBlueIainfix =V12ainfix +V5c1FIainfix =V11ainfix +V6c1FIaexchangeV7V9V6V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V6V0Aainfix <=c0V6aWhitetaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
+        <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
+         <result status="timeout" time="10.06"/>
+        </proof>
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.02"/>
+         <result status="timeout" time="10.58"/>
+        </proof>
+        <proof prover="z3" timelimit="10" edited="" obsolete="true">
+         <result status="timeout" time="11.21"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.6.7" expl="correctness of parameter dutch_flag" sum="cabe5449551ddd530e25123a1c30301d" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.4.6" expl="correctness of parameter dutch_flag" sum="b19b27cc31487070519f19e3ba99fa9c" proved="false" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBlueLamk arrayV0V9amonochromeV10V11V12aWhiteIainfix =V12ainfix +V5c1FIainfix =V11ainfix +V6c1FIaexchangeV7V9V6V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V6V0Aainfix <=c0V6aWhitetaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.02"/>
+         <result status="timeout" time="10.10"/>
         </proof>
-       </goal>
-       <goal name="WP_parameter dutch_flag.6.8" expl="correctness of parameter dutch_flag" sum="862009249acca5160389dc0e65d91e82" proved="true" expanded="true">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.02"/>
+         <result status="timeout" time="10.23"/>
+        </proof>
+        <proof prover="z3" timelimit="10" edited="" obsolete="true">
+         <result status="timeout" time="11.59"/>
+        </proof>
+       </goal>
+       <goal name="WP_parameter dutch_flag.4.7" expl="correctness of parameter dutch_flag" sum="c12f2421f7e3bff07382e61e7b48cbb1" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBlueLamk arrayV0V9amonochromeV10V4V1aRedIainfix =V12ainfix +V5c1FIainfix =V11ainfix +V6c1FIaexchangeV7V9V6V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V6V0Aainfix <=c0V6aWhitetaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
+        <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.84"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.6.9" expl="correctness of parameter dutch_flag" sum="a11a18266ac7142130bec6fc052868fc" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.4.8" expl="correctness of parameter dutch_flag" sum="b4b217a0c76daf35621c1ad2acb1b180" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBlueLamk arrayV0V9ainfix =V0V1Iainfix =V12ainfix +V5c1FIainfix =V11ainfix +V6c1FIaexchangeV7V9V6V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V6V0Aainfix <=c0V6aWhitetaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.01"/>
         </proof>
        </goal>
+       <goal name="WP_parameter dutch_flag.4.9" expl="correctness of parameter dutch_flag" sum="e0fdef9bde13190886ae019f0f08a902" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBlueLamk arrayV0V9apermut_subV2V9c0V1Iainfix =V12ainfix +V5c1FIainfix =V11ainfix +V6c1FIaexchangeV7V9V6V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V6V0Aainfix <=c0V6aWhitetaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="4.22"/>
+        </proof>
+       </goal>
       </transf>
      </goal>
-     <goal name="WP_parameter dutch_flag.7" expl="correctness of parameter dutch_flag" sum="5d313f7e708a49bb02dfbfb3f014fe65" proved="true" expanded="true">
-      <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
-       <result status="valid" time="0.02"/>
-      </proof>
+     <goal name="WP_parameter dutch_flag.5" expl="correctness of parameter dutch_flag" sum="1c4b609a6648e565b12540473d5a1f74" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBlueLamk arrayV0V9ainfix <ainfix -V4V12ainfix -V4V5Aainfix <=c0ainfix -V4V5Iapermut_subV2V9c0V1Aainfix =V0V1AamonochromeV10V4V1aRedAamonochromeV10V11V12aWhiteAamonochromeV10c0V11aBlueAainfix <=V4V1Aainfix <=V12V4Aainfix <=V11V12Aainfix <=c0V11Iainfix =V12ainfix +V5c1FIainfix =V11ainfix +V6c1FIaexchangeV7V9V6V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V6V0Aainfix <=c0V6aWhitetaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
       <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-       <result status="valid" time="0.02"/>
+       <result status="valid" time="0.03"/>
       </proof>
      </goal>
-     <goal name="WP_parameter dutch_flag.8" expl="correctness of parameter dutch_flag" sum="c19e32a860e2bdd2ba38080926a80a81" proved="true" expanded="true">
+     <goal name="WP_parameter dutch_flag.6" expl="correctness of parameter dutch_flag" sum="a431e5271a30c64db3a6a7b6bf4bf480" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhiteapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V9aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V9V4Aainfix <=V6V9Aainfix <=c0V6Iainfix =V9ainfix +V5c1FaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
       <transf name="split_goal" proved="true" expanded="true">
-       <goal name="WP_parameter dutch_flag.8.1" expl="correctness of parameter dutch_flag" sum="70653263241f4634353aa223a2ffcefb" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.6.1" expl="correctness of parameter dutch_flag" sum="a57b82673d5d7c98c8266ee039bd86e6" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhiteainfix <=c0V6Iainfix =V9ainfix +V5c1FaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.01"/>
+         <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.8.2" expl="correctness of parameter dutch_flag" sum="cd67e4a1a6c84699516c5db1b7347785" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.6.2" expl="correctness of parameter dutch_flag" sum="ae12499310d7121e523014ca5a70ab9c" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhiteainfix <=V6V9Iainfix =V9ainfix +V5c1FaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.01"/>
+         <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.8.3" expl="correctness of parameter dutch_flag" sum="3758f35139af4e8342637878f2c8ab59" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.6.3" expl="correctness of parameter dutch_flag" sum="797361b96cdaedaa49e46f0851c7f4cf" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhiteainfix <=V9V4Iainfix =V9ainfix +V5c1FaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.8.4" expl="correctness of parameter dutch_flag" sum="0ece914657ffa0b344b2ae918182b759" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.6.4" expl="correctness of parameter dutch_flag" sum="547affea2d4a68b478269957450a33c2" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhiteainfix <=V4V1Iainfix =V9ainfix +V5c1FaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.03"/>
+        </proof>
+       </goal>
+       <goal name="WP_parameter dutch_flag.6.5" expl="correctness of parameter dutch_flag" sum="435dfc3c2a9e3568ddc4fad28de1ae28" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhiteamonochromeV8c0V6aBlueIainfix =V9ainfix +V5c1FaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.02"/>
+        </proof>
+       </goal>
+       <goal name="WP_parameter dutch_flag.6.6" expl="correctness of parameter dutch_flag" sum="1d222a7894ad65f7790e1d88a345b26e" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhiteamonochromeV8V6V9aWhiteIainfix =V9ainfix +V5c1FaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.03"/>
+        </proof>
+       </goal>
+       <goal name="WP_parameter dutch_flag.6.7" expl="correctness of parameter dutch_flag" sum="9be9ac38d51446af362db11b34378b5e" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhiteamonochromeV8V4V1aRedIainfix =V9ainfix +V5c1FaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.04"/>
+        </proof>
+       </goal>
+       <goal name="WP_parameter dutch_flag.6.8" expl="correctness of parameter dutch_flag" sum="d073537d21eb01a4d89fe84c18778698" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhiteainfix =V0V1Iainfix =V9ainfix +V5c1FaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.04"/>
+        </proof>
+       </goal>
+       <goal name="WP_parameter dutch_flag.6.9" expl="correctness of parameter dutch_flag" sum="d062461743f05ba4750eaada085747a5" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhiteapermut_subV2V7c0V1Iainfix =V9ainfix +V5c1FaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.02"/>
         </proof>
        </goal>
       </transf>
      </goal>
-     <goal name="WP_parameter dutch_flag.9" expl="correctness of parameter dutch_flag" sum="d64172095ebb3d759538db0ede8c7593" proved="true" expanded="true">
+     <goal name="WP_parameter dutch_flag.7" expl="correctness of parameter dutch_flag" sum="06a27c216403c8e336030571a3078f9c" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhiteainfix <ainfix -V4V9ainfix -V4V5Aainfix <=c0ainfix -V4V5Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V9aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V9V4Aainfix <=V6V9Aainfix <=c0V6Iainfix =V9ainfix +V5c1FaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
       <transf name="split_goal" proved="true" expanded="true">
-       <goal name="WP_parameter dutch_flag.9.1" expl="correctness of parameter dutch_flag" sum="a53ceb5c48071ede890abf09e7182b1a" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.7.1" expl="correctness of parameter dutch_flag" sum="d5ebe46dfb4cda4a141d4ff8769ffc5c" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhiteainfix <=c0ainfix -V4V5Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V9aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V9V4Aainfix <=V6V9Aainfix <=c0V6Iainfix =V9ainfix +V5c1FaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.03"/>
+        </proof>
+       </goal>
+       <goal name="WP_parameter dutch_flag.7.2" expl="correctness of parameter dutch_flag" sum="ad7d661b13c24aa3b45497276b0595d7" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhiteainfix <ainfix -V4V9ainfix -V4V5Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V9aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V9V4Aainfix <=V6V9Aainfix <=c0V6Iainfix =V9ainfix +V5c1FaRedtIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.9.2" expl="correctness of parameter dutch_flag" sum="e1b284cbb88305ef09dafd4b4b16ef0e" proved="true" expanded="true">
+      </transf>
+     </goal>
+     <goal name="WP_parameter dutch_flag.8" expl="correctness of parameter dutch_flag" sum="63319b2700cd509ab07a8f8f029afe1b" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhitetaRedainfix <V5V0Aainfix <=c0V5Aainfix <V9V0Aainfix <=c0V9Iainfix =V9ainfix -V4c1FIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
+      <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+       <result status="valid" time="0.04"/>
+      </proof>
+     </goal>
+     <goal name="WP_parameter dutch_flag.9" expl="correctness of parameter dutch_flag" sum="460036c09c459a389c644b4fa3bd40a8" proved="false" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhitetaRedLamk arrayV0V10apermut_subV2V10c0V1Aainfix =V0V1AamonochromeV11V9V1aRedAamonochromeV11V6V5aWhiteAamonochromeV11c0V6aBlueAainfix <=V9V1Aainfix <=V5V9Aainfix <=V6V5Aainfix <=c0V6IaexchangeV7V10V9V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V9V0Aainfix <=c0V9Iainfix =V9ainfix -V4c1FIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
+      <transf name="split_goal" proved="false" expanded="true">
+       <goal name="WP_parameter dutch_flag.9.1" expl="correctness of parameter dutch_flag" sum="d3ce20a16eddf390e0d44700be26dc35" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhitetaRedLamk arrayV0V10ainfix <=c0V6IaexchangeV7V10V9V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V9V0Aainfix <=c0V9Iainfix =V9ainfix -V4c1FIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.01"/>
+         <result status="valid" time="0.02"/>
+        </proof>
+       </goal>
+       <goal name="WP_parameter dutch_flag.9.2" expl="correctness of parameter dutch_flag" sum="3fac7110d2299ef9fa8258c2632691e3" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhitetaRedLamk arrayV0V10ainfix <=V6V5IaexchangeV7V10V9V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V9V0Aainfix <=c0V9Iainfix =V9ainfix -V4c1FIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.9.3" expl="correctness of parameter dutch_flag" sum="1e269d9f5a4b4f6656e89f156b3898a6" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.9.3" expl="correctness of parameter dutch_flag" sum="5d3587e7c0b98f7696fcd10a31b2685f" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhitetaRedLamk arrayV0V10ainfix <=V5V9IaexchangeV7V10V9V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V9V0Aainfix <=c0V9Iainfix =V9ainfix -V4c1FIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.01"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.9.4" expl="correctness of parameter dutch_flag" sum="ab2afec3b7e546f974dce97efffb8db0" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.9.4" expl="correctness of parameter dutch_flag" sum="853c0f7ae6112f7ec2146409b3f3af64" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhitetaRedLamk arrayV0V10ainfix <=V9V1IaexchangeV7V10V9V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V9V0Aainfix <=c0V9Iainfix =V9ainfix -V4c1FIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.02"/>
+         <result status="valid" time="0.03"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.9.5" expl="correctness of parameter dutch_flag" sum="7e5e8e71286fe761ce391e080a827737" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.9.5" expl="correctness of parameter dutch_flag" sum="06fe8dbbb4fce699fad51434bc70d6e3" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhitetaRedLamk arrayV0V10amonochromeV11c0V6aBlueIaexchangeV7V10V9V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V9V0Aainfix <=c0V9Iainfix =V9ainfix -V4c1FIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.47"/>
+         <result status="valid" time="1.03"/>
+        </proof>
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="timeout" time="11.51"/>
+        </proof>
+        <proof prover="z3" timelimit="10" edited="" obsolete="true">
+         <result status="timeout" time="10.30"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.9.6" expl="correctness of parameter dutch_flag" sum="8416039e9162b9fce1ab87e9af97d2a1" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.9.6" expl="correctness of parameter dutch_flag" sum="e71c28701048c7d43b8015b0bab1efe8" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhitetaRedLamk arrayV0V10amonochromeV11V6V5aWhiteIaexchangeV7V10V9V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V9V0Aainfix <=c0V9Iainfix =V9ainfix -V4c1FIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="3.14"/>
+         <result status="valid" time="6.24"/>
+        </proof>
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="timeout" time="11.58"/>
+        </proof>
+        <proof prover="z3" timelimit="10" edited="" obsolete="true">
+         <result status="timeout" time="10.41"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.9.7" expl="correctness of parameter dutch_flag" sum="ea103d0691939ee2575adfc7edece289" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.9.7" expl="correctness of parameter dutch_flag" sum="b09c5e0681f695e912027bce2a8b8621" proved="false" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhitetaRedLamk arrayV0V10amonochromeV11V9V1aRedIaexchangeV7V10V9V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V9V0Aainfix <=c0V9Iainfix =V9ainfix -V4c1FIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="7.09"/>
+         <result status="timeout" time="10.08"/>
+        </proof>
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="timeout" time="10.61"/>
+        </proof>
+        <proof prover="z3" timelimit="10" edited="" obsolete="true">
+         <result status="timeout" time="10.35"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.9.8" expl="correctness of parameter dutch_flag" sum="c956b0af1f9308957c2aaffe6cbff3b4" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.9.8" expl="correctness of parameter dutch_flag" sum="c001bd22429c968840919b68518dfa3e" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhitetaRedLamk arrayV0V10ainfix =V0V1IaexchangeV7V10V9V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V9V0Aainfix <=c0V9Iainfix =V9ainfix -V4c1FIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.9.9" expl="correctness of parameter dutch_flag" sum="e40d758487ea8901ea1f712101f57dd7" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.9.9" expl="correctness of parameter dutch_flag" sum="7902d0942739a9131c40403bda2bad21" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhitetaRedLamk arrayV0V10apermut_subV2V10c0V1IaexchangeV7V10V9V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V9V0Aainfix <=c0V9Iainfix =V9ainfix -V4c1FIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
+        <proof prover="cvc3" timelimit="10" edited="" obsolete="true">
+         <result status="timeout" time="10.11"/>
+        </proof>
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.03"/>
+         <result status="valid" time="4.99"/>
         </proof>
        </goal>
       </transf>
      </goal>
-     <goal name="WP_parameter dutch_flag.10" expl="correctness of parameter dutch_flag" sum="63a177c9c9b0ea88df565f801042a727" proved="true" expanded="true">
+     <goal name="WP_parameter dutch_flag.10" expl="correctness of parameter dutch_flag" sum="9eba2fef3449a589baeec5fa248edd7f" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhitetaRedLamk arrayV0V10ainfix <ainfix -V9V5ainfix -V4V5Aainfix <=c0ainfix -V4V5Iapermut_subV2V10c0V1Aainfix =V0V1AamonochromeV11V9V1aRedAamonochromeV11V6V5aWhiteAamonochromeV11c0V6aBlueAainfix <=V9V1Aainfix <=V5V9Aainfix <=V6V5Aainfix <=c0V6IaexchangeV7V10V9V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V9V0Aainfix <=c0V9Iainfix =V9ainfix -V4c1FIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
       <transf name="split_goal" proved="true" expanded="true">
-       <goal name="WP_parameter dutch_flag.10.1" expl="correctness of parameter dutch_flag" sum="09e807d3e04b806e735203eae25addbf" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.10.1" expl="correctness of parameter dutch_flag" sum="1200a37de63311571f308312353d185d" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhitetaRedLamk arrayV0V10ainfix <=c0ainfix -V4V5Iapermut_subV2V10c0V1Aainfix =V0V1AamonochromeV11V9V1aRedAamonochromeV11V6V5aWhiteAamonochromeV11c0V6aBlueAainfix <=V9V1Aainfix <=V5V9Aainfix <=V6V5Aainfix <=c0V6IaexchangeV7V10V9V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V9V0Aainfix <=c0V9Iainfix =V9ainfix -V4c1FIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.01"/>
+         <result status="valid" time="0.04"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.10.2" expl="correctness of parameter dutch_flag" sum="23a3f7254a090d0aa0064c7d88b08ba8" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.10.2" expl="correctness of parameter dutch_flag" sum="21595ddb28d585815ac73deb793a6353" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7CagetV7V5aBluetaWhitetaRedLamk arrayV0V10ainfix <ainfix -V9V5ainfix -V4V5Iapermut_subV2V10c0V1Aainfix =V0V1AamonochromeV11V9V1aRedAamonochromeV11V6V5aWhiteAamonochromeV11c0V6aBlueAainfix <=V9V1Aainfix <=V5V9Aainfix <=V6V5Aainfix <=c0V6IaexchangeV7V10V9V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V9V0Aainfix <=c0V9Iainfix =V9ainfix -V4c1FIainfix <V5V0Aainfix <=c0V5Iainfix <V5V4Iapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.01"/>
+         <result status="valid" time="0.04"/>
         </proof>
        </goal>
       </transf>
      </goal>
-     <goal name="WP_parameter dutch_flag.11" expl="normal postcondition" sum="6b45fc37879bcd1f1d723881ade0af44" proved="true" expanded="true">
+     <goal name="WP_parameter dutch_flag.11" expl="normal postcondition" sum="6baf04f0b243643da6254b2059547c3d" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7apermutV3V8AamonochromeV8V10V1aRedAamonochromeV8V9V10aWhiteAamonochromeV8c0V9aBlueEEIainfix <V5V4NIapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
       <transf name="split_goal" proved="true" expanded="true">
-       <goal name="WP_parameter dutch_flag.11.1" expl="correctness of parameter dutch_flag" sum="4828a18939c093434a4ac86228097128" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.11.1" expl="correctness of parameter dutch_flag" sum="52279cd61657bcbf96261871bf6ef621" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7amonochromeV8V10V1aRedAamonochromeV8V9V10aWhiteAamonochromeV8c0V9aBlueEEIainfix <V5V4NIapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.02"/>
+         <result status="valid" time="0.04"/>
         </proof>
        </goal>
-       <goal name="WP_parameter dutch_flag.11.2" expl="correctness of parameter dutch_flag" sum="ba5e12bab53f12e1e00201a76675c9c7" proved="true" expanded="true">
+       <goal name="WP_parameter dutch_flag.11.2" expl="correctness of parameter dutch_flag" sum="515f14ed3ad1eaf17eb6146f18d5477a" proved="true" expanded="true" shape="Lamk arrayV0V2Lamk arrayV0V7apermutV3V8Iainfix <V5V4NIapermut_subV2V7c0V1Aainfix =V0V1AamonochromeV8V4V1aRedAamonochromeV8V6V5aWhiteAamonochromeV8c0V6aBlueAainfix <=V4V1Aainfix <=V5V4Aainfix <=V6V5Aainfix <=c0V6FFFFIainfix =V0V1Aainfix <=c0V1FFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.03"/>
+         <result status="valid" time="0.07"/>
+        </proof>
+        <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.05"/>
         </proof>
        </goal>
       </transf>
diff --git a/examples/programs/insertion_sort.mlw b/examples/programs/insertion_sort.mlw
index c3dc62628263a354e387f4c5782243a295239275..01a7391db35c8a536b53bccf970878c9e511a5ad 100644
--- a/examples/programs/insertion_sort.mlw
+++ b/examples/programs/insertion_sort.mlw
@@ -15,25 +15,25 @@ module InsertionSort
 'L:
     for i = 1 to length a - 1 do
       (* a[0..i[ is sorted; now insert a[i] *)
-      invariant { sorted_sub a 0 i /\ permut a (at a 'L) }
+      invariant { sorted_sub a 0 i /\ permut (at a 'L) a }
       let v = a[i] in
       let j = ref i in
       while !j > 0 && a[!j - 1] > v do
         invariant {
-          0 <= !j <= i /\ permut a[!j <- v] (at a 'L) /\
+          0 <= !j <= i /\ permut (at a 'L) a[!j <- v] /\
           (forall k1 k2: int.
              0 <= k1 <= k2 <= i -> k1 <> !j -> k2 <> !j -> a[k1] <= a[k2]) /\
           (forall k: int. !j+1 <= k <= i -> v < a[k]) }
         variant { !j }
 'L1:
         a[!j] <- a[!j - 1];
-        assert { exchange a[!j-1 <- v] (at a 'L1)[!j <- v] (!j - 1) !j};
+        assert { exchange (at a 'L1)[!j <- v] a[!j-1 <- v] (!j - 1) !j};
         j := !j - 1
       done;
       assert { forall k: int. 0 <= k < !j -> a[k] <= v };
       a[!j] <- v
     done
-    { sorted a /\ permut a (old a) }
+    { sorted a /\ permut (old a) a }
 
 end
 
diff --git a/examples/programs/insertion_sort/why3session.xml b/examples/programs/insertion_sort/why3session.xml
index 4906b134486f2201597a1085c980dbbb91d8987a..6fe7d42f2a9bed50d8af1927ca81d6baa06e73f9 100644
--- a/examples/programs/insertion_sort/why3session.xml
+++ b/examples/programs/insertion_sort/why3session.xml
@@ -1,172 +1,215 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE why3session SYSTEM "why3session.dtd">
 <why3session name="examples/programs/insertion_sort/why3session.xml">
- <file name="../insertion_sort.mlw" verified="true" expanded="true">
-  <theory name="WP InsertionSort" verified="true" expanded="true">
-   <goal name="WP_parameter insertion_sort" expl="correctness of parameter insertion_sort" sum="52df11dfc4b1b1606ca27380dcf91a75" proved="true" expanded="true">
-    <transf name="split_goal" proved="true" expanded="true">
-     <goal name="WP_parameter insertion_sort.1" expl="normal postcondition" sum="bb6492bb0670c7bb75e24ba8da2a88e2" proved="true" expanded="false">
+ <prover id="alt-ergo" name="Alt-Ergo" version="0.93"/>
+ <prover id="coq" name="Coq" version="8.2pl1"/>
+ <prover id="cvc3" name="CVC3" version="2.2"/>
+ <prover id="eprover" name="Eprover" version="0.7 Dhajea"/>
+ <prover id="gappa" name="Gappa" version="0.14.0"/>
+ <prover id="simplify" name="Simplify" version="1.5.4"/>
+ <prover id="yices" name="Yices" version="1.0.13"/>
+ <prover id="z3" name="Z3" version="2.13"/>
+ <file name="../insertion_sort.mlw" verified="false" expanded="true">
+  <theory name="WP InsertionSort" verified="false" expanded="true">
+   <goal name="WP_parameter insertion_sort" expl="correctness of parameter insertion_sort" sum="ba7d33cff433c31f31822790e3c8b75e" proved="false" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3apermutV2V4AasortedV4IapermutV2V4Aasorted_subV3c0ainfix +ainfix -V0c1c1ALagetV3V5Lamk arrayV0V8iainfix >V7c0iainfix >agetV8ainfix -V7c1V6Lamk arrayV0V10ainfix <V12V7Aainfix <=c0V7Aainfix <V6agetV10V13Iainfix <=V13V5Aainfix <=ainfix +V12c1V13FAainfix <=agetV10V14agetV10V15Iainfix =V15V12NIainfix =V14V12NIainfix <=V15V5Aainfix <=V14V15Aainfix <=c0V14FAapermutV2asetV11V12V6Aainfix <=V12V5Aainfix <=c0V12Iainfix =V12ainfix -V7c1FAaexchangeCasetV9V7V6amk arraywVV16CasetV11ainfix -V7c1V6amk arraywVV17ainfix -V7c1V7Iainfix =V10asetV8V7agetV8ainfix -V7c1FAainfix <V7V0Aainfix <=c0V7Aainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1apermutV2amk arrayV0V18Aasorted_subV18c0ainfix +V5c1Iainfix =V18asetV8V7V6FAainfix <V7V0Aainfix <=c0V7Aainfix <=agetV8V19V6Iainfix <V19V7Aainfix <=c0V19FAainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1ifLamk arrayV0V20ainfix <V22V7Aainfix <=c0V7Aainfix <V6agetV20V23Iainfix <=V23V5Aainfix <=ainfix +V22c1V23FAainfix <=agetV20V24agetV20V25Iainfix =V25V22NIainfix =V24V22NIainfix <=V25V5Aainfix <=V24V25Aainfix <=c0V24FAapermutV2asetV21V22V6Aainfix <=V22V5Aainfix <=c0V22Iainfix =V22ainfix -V7c1FAaexchangeCasetV9V7V6amk arraywVV26CasetV21ainfix -V7c1V6amk arraywVV27ainfix -V7c1V7Iainfix =V20asetV8V7agetV8ainfix -V7c1FAainfix <V7V0Aainfix <=c0V7Aainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1apermutV2amk arrayV0V28Aasorted_subV28c0ainfix +V5c1Iainfix =V28asetV8V7V6FAainfix <V7V0Aainfix <=c0V7Aainfix <=agetV8V29V6Iainfix <V29V7Aainfix <=c0V29FIainfix <V6agetV8V30Iainfix <=V30V5Aainfix <=ainfix +V7c1V30FAainfix <=agetV8V31agetV8V32Iainfix =V32V7NIainfix =V31V7NIainfix <=V32V5Aainfix <=V31V32Aainfix <=c0V31FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFAainfix <V6agetV3V33Iainfix <=V33V5Aainfix <=ainfix +V5c1V33FAainfix <=agetV3V34agetV3V35Iainfix =V35V5NIainfix =V34V5NIainfix <=V35V5Aainfix <=V34V35Aainfix <=c0V34FAapermutV2asetV4V5V6Aainfix <=V5V5Aainfix <=c0V5Aainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFAapermutV2V2Aasorted_subV1c0c1Iainfix <=c1ainfix -V0c1AapermutV2V2AasortedV2Iainfix >c1ainfix -V0c1FF">
+    <transf name="split_goal" proved="false" expanded="true">
+     <goal name="WP_parameter insertion_sort.1" expl="normal postcondition" sum="0d467139981e2be12600aa9eab9b5387" proved="true" expanded="true" shape="Lamk arrayV0V1apermutV2V2AasortedV2Iainfix >c1ainfix -V0c1FF">
       <proof prover="alt-ergo" timelimit="30" edited="" obsolete="false">
-       <result status="valid" time="0.02"/>
+       <result status="valid" time="0.04"/>
       </proof>
      </goal>
-     <goal name="WP_parameter insertion_sort.2" expl="for loop initialization" sum="1e417f4ec6a45a2be290cc3e6fc35473" proved="true" expanded="false">
-      <proof prover="alt-ergo" timelimit="30" edited="" obsolete="false">
-       <result status="valid" time="0.01"/>
-      </proof>
-     </goal>
-     <goal name="WP_parameter insertion_sort.3" expl="for loop preservation" sum="ce2751087c1b44c33a1945304e896655" proved="true" expanded="true">
+     <goal name="WP_parameter insertion_sort.2" expl="for loop initialization" sum="bb6da37008a789c5e740ca8071b58154" proved="true" expanded="true" shape="Lamk arrayV0V1apermutV2V2Aasorted_subV1c0c1Iainfix <=c1ainfix -V0c1FF">
       <transf name="split_goal" proved="true" expanded="true">
-       <goal name="WP_parameter insertion_sort.3.1" expl="for loop preservation" sum="1fc8f8a33493bc212cf613b97d1bdaf5" proved="true" expanded="false">
+       <goal name="WP_parameter insertion_sort.2.1" expl="correctness of parameter insertion_sort" sum="bff34f38daf27dabef7f0ba055a4c5f4" proved="true" expanded="true" shape="Lamk arrayV0V1asorted_subV1c0c1Iainfix <=c1ainfix -V0c1FF">
         <proof prover="alt-ergo" timelimit="30" edited="" obsolete="false">
-         <result status="valid" time="0.01"/>
+         <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter insertion_sort.3.2" expl="for loop preservation" sum="dda6b7bb0df5896a7498d61e1bab580f" proved="true" expanded="false">
+       <goal name="WP_parameter insertion_sort.2.2" expl="correctness of parameter insertion_sort" sum="2f95de4c5c4763a160f1c03c639c6ccd" proved="true" expanded="true" shape="Lamk arrayV0V1apermutV2V2Iainfix <=c1ainfix -V0c1FF">
         <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.01"/>
+         <result status="valid" time="0.04"/>
         </proof>
        </goal>
-       <goal name="WP_parameter insertion_sort.3.3" expl="for loop preservation" sum="4c5ef1fc9cbccfe9b38fa239ccce671b" proved="true" expanded="false">
-        <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.02"/>
+      </transf>
+     </goal>
+     <goal name="WP_parameter insertion_sort.3" expl="for loop preservation" sum="93d44998908e8b7fcdc34c21cede0f4f" proved="false" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8iainfix >V7c0iainfix >agetV8ainfix -V7c1V6Lamk arrayV0V10ainfix <V12V7Aainfix <=c0V7Aainfix <V6agetV10V13Iainfix <=V13V5Aainfix <=ainfix +V12c1V13FAainfix <=agetV10V14agetV10V15Iainfix =V15V12NIainfix =V14V12NIainfix <=V15V5Aainfix <=V14V15Aainfix <=c0V14FAapermutV2asetV11V12V6Aainfix <=V12V5Aainfix <=c0V12Iainfix =V12ainfix -V7c1FAaexchangeCasetV9V7V6amk arraywVV16CasetV11ainfix -V7c1V6amk arraywVV17ainfix -V7c1V7Iainfix =V10asetV8V7agetV8ainfix -V7c1FAainfix <V7V0Aainfix <=c0V7Aainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1apermutV2amk arrayV0V18Aasorted_subV18c0ainfix +V5c1Iainfix =V18asetV8V7V6FAainfix <V7V0Aainfix <=c0V7Aainfix <=agetV8V19V6Iainfix <V19V7Aainfix <=c0V19FAainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1ifLamk arrayV0V20ainfix <V22V7Aainfix <=c0V7Aainfix <V6agetV20V23Iainfix <=V23V5Aainfix <=ainfix +V22c1V23FAainfix <=agetV20V24agetV20V25Iainfix =V25V22NIainfix =V24V22NIainfix <=V25V5Aainfix <=V24V25Aainfix <=c0V24FAapermutV2asetV21V22V6Aainfix <=V22V5Aainfix <=c0V22Iainfix =V22ainfix -V7c1FAaexchangeCasetV9V7V6amk arraywVV26CasetV21ainfix -V7c1V6amk arraywVV27ainfix -V7c1V7Iainfix =V20asetV8V7agetV8ainfix -V7c1FAainfix <V7V0Aainfix <=c0V7Aainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1apermutV2amk arrayV0V28Aasorted_subV28c0ainfix +V5c1Iainfix =V28asetV8V7V6FAainfix <V7V0Aainfix <=c0V7Aainfix <=agetV8V29V6Iainfix <V29V7Aainfix <=c0V29FIainfix <V6agetV8V30Iainfix <=V30V5Aainfix <=ainfix +V7c1V30FAainfix <=agetV8V31agetV8V32Iainfix =V32V7NIainfix =V31V7NIainfix <=V32V5Aainfix <=V31V32Aainfix <=c0V31FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFAainfix <V6agetV3V33Iainfix <=V33V5Aainfix <=ainfix +V5c1V33FAainfix <=agetV3V34agetV3V35Iainfix =V35V5NIainfix =V34V5NIainfix <=V35V5Aainfix <=V34V35Aainfix <=c0V34FAapermutV2asetV4V5V6Aainfix <=V5V5Aainfix <=c0V5Aainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
+      <transf name="split_goal" proved="false" expanded="true">
+       <goal name="WP_parameter insertion_sort.3.1" expl="for loop preservation" sum="26d6c7b5d446796ede5132f4c6e6cf56" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3ainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.03"/>
         </proof>
        </goal>
-       <goal name="WP_parameter insertion_sort.3.4" expl="for loop preservation" sum="2b4a02a52328dd3ae37e3fbcf4e6e065" proved="true" expanded="false">
+       <goal name="WP_parameter insertion_sort.3.2" expl="for loop preservation" sum="d09df538ad9fc6d8a994cdcba28c9a5b" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5ainfix <V6agetV3V7Iainfix <=V7V5Aainfix <=ainfix +V5c1V7FAainfix <=agetV3V8agetV3V9Iainfix =V9V5NIainfix =V8V5NIainfix <=V9V5Aainfix <=V8V9Aainfix <=c0V8FAapermutV2asetV4V5V6Aainfix <=V5V5Aainfix <=c0V5Iainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
         <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.01"/>
+         <result status="valid" time="0.05"/>
         </proof>
        </goal>
-       <goal name="WP_parameter insertion_sort.3.5" expl="for loop preservation" sum="b6cd8b74e4abdad61d699b45afcf91e1" proved="true" expanded="false">
-        <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
+       <goal name="WP_parameter insertion_sort.3.3" expl="for loop preservation" sum="6e904f54936b9403db94e24f178ead2b" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8ainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >V7c0Iainfix <V6agetV8V10Iainfix <=V10V5Aainfix <=ainfix +V7c1V10FAainfix <=agetV8V11agetV8V12Iainfix =V12V7NIainfix =V11V7NIainfix <=V12V5Aainfix <=V11V12Aainfix <=c0V11FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.03"/>
+        </proof>
+       </goal>
+       <goal name="WP_parameter insertion_sort.3.4" expl="for loop preservation" sum="5774ac1df3ea4842733f635349825bb9" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8ainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >agetV8ainfix -V7c1V6Iainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >V7c0Iainfix <V6agetV8V10Iainfix <=V10V5Aainfix <=ainfix +V7c1V10FAainfix <=agetV8V11agetV8V12Iainfix =V12V7NIainfix =V11V7NIainfix <=V12V5Aainfix <=V11V12Aainfix <=c0V11FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.03"/>
+        </proof>
+       </goal>
+       <goal name="WP_parameter insertion_sort.3.5" expl="for loop preservation" sum="eb37f6f07ce51ce05d0fe74b50fe1ea7" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8ainfix <V7V0Aainfix <=c0V7Iainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >agetV8ainfix -V7c1V6Iainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >V7c0Iainfix <V6agetV8V10Iainfix <=V10V5Aainfix <=ainfix +V7c1V10FAainfix <=agetV8V11agetV8V12Iainfix =V12V7NIainfix =V11V7NIainfix <=V12V5Aainfix <=V11V12Aainfix <=c0V11FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter insertion_sort.3.6" expl="for loop preservation" sum="7469ac21f28641078ecf05befb432b4a" proved="true" expanded="false">
-        <proof prover="z3" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.10"/>
+       <goal name="WP_parameter insertion_sort.3.6" expl="for loop preservation" sum="5e5f50afcc6ece0a8e68ce5ef6b61eb0" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8Lamk arrayV0V10aexchangeCasetV9V7V6amk arraywVV12CasetV11ainfix -V7c1V6amk arraywVV13ainfix -V7c1V7Iainfix =V10asetV8V7agetV8ainfix -V7c1FIainfix <V7V0Aainfix <=c0V7Iainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >agetV8ainfix -V7c1V6Iainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >V7c0Iainfix <V6agetV8V14Iainfix <=V14V5Aainfix <=ainfix +V7c1V14FAainfix <=agetV8V15agetV8V16Iainfix =V16V7NIainfix =V15V7NIainfix <=V16V5Aainfix <=V15V16Aainfix <=c0V15FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="3.36"/>
         </proof>
        </goal>
-       <goal name="WP_parameter insertion_sort.3.7" expl="for loop preservation" sum="a79927e40e82f44bb2b90202f518345c" proved="true" expanded="true">
-        <transf name="split_goal" proved="true" expanded="true">
-         <goal name="WP_parameter insertion_sort.3.7.1" expl="for loop preservation" sum="a18c6d454fee9e450b12110bd9e7db2d" proved="true" expanded="false">
+       <goal name="WP_parameter insertion_sort.3.7" expl="for loop preservation" sum="07de9781228b48c01d77f6fee2500e9c" proved="false" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8Lamk arrayV0V10ainfix <V6agetV10V13Iainfix <=V13V5Aainfix <=ainfix +V12c1V13FAainfix <=agetV10V14agetV10V15Iainfix =V15V12NIainfix =V14V12NIainfix <=V15V5Aainfix <=V14V15Aainfix <=c0V14FAapermutV2asetV11V12V6Aainfix <=V12V5Aainfix <=c0V12Iainfix =V12ainfix -V7c1FIaexchangeCasetV9V7V6amk arraywVV16CasetV11ainfix -V7c1V6amk arraywVV17ainfix -V7c1V7Iainfix =V10asetV8V7agetV8ainfix -V7c1FIainfix <V7V0Aainfix <=c0V7Iainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >agetV8ainfix -V7c1V6Iainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >V7c0Iainfix <V6agetV8V18Iainfix <=V18V5Aainfix <=ainfix +V7c1V18FAainfix <=agetV8V19agetV8V20Iainfix =V20V7NIainfix =V19V7NIainfix <=V20V5Aainfix <=V19V20Aainfix <=c0V19FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
+        <transf name="split_goal" proved="false" expanded="true">
+         <goal name="WP_parameter insertion_sort.3.7.1" expl="for loop preservation" sum="67b6e80fae5e80dbfd7a026b263d88d5" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8Lamk arrayV0V10ainfix <=c0V12Iainfix =V12ainfix -V7c1FIaexchangeCasetV9V7V6amk arraywVV13CasetV11ainfix -V7c1V6amk arraywVV14ainfix -V7c1V7Iainfix =V10asetV8V7agetV8ainfix -V7c1FIainfix <V7V0Aainfix <=c0V7Iainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >agetV8ainfix -V7c1V6Iainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >V7c0Iainfix <V6agetV8V15Iainfix <=V15V5Aainfix <=ainfix +V7c1V15FAainfix <=agetV8V16agetV8V17Iainfix =V17V7NIainfix =V16V7NIainfix <=V17V5Aainfix <=V16V17Aainfix <=c0V16FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
           <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
            <result status="valid" time="0.01"/>
           </proof>
          </goal>
-         <goal name="WP_parameter insertion_sort.3.7.2" expl="for loop preservation" sum="50d8b516f2f3651f71e4efa9e2ac7642" proved="true" expanded="false">
+         <goal name="WP_parameter insertion_sort.3.7.2" expl="for loop preservation" sum="e487b3843498f3cf1543ee338edfb31b" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8Lamk arrayV0V10ainfix <=V12V5Iainfix =V12ainfix -V7c1FIaexchangeCasetV9V7V6amk arraywVV13CasetV11ainfix -V7c1V6amk arraywVV14ainfix -V7c1V7Iainfix =V10asetV8V7agetV8ainfix -V7c1FIainfix <V7V0Aainfix <=c0V7Iainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >agetV8ainfix -V7c1V6Iainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >V7c0Iainfix <V6agetV8V15Iainfix <=V15V5Aainfix <=ainfix +V7c1V15FAainfix <=agetV8V16agetV8V17Iainfix =V17V7NIainfix =V16V7NIainfix <=V17V5Aainfix <=V16V17Aainfix <=c0V16FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
           <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-           <result status="valid" time="0.01"/>
+           <result status="valid" time="0.02"/>
           </proof>
          </goal>
-         <goal name="WP_parameter insertion_sort.3.7.3" expl="for loop preservation" sum="075afbb9aa06a22be826b537dbf2212c" proved="true" expanded="true">
-          <proof prover="coq" timelimit="10" edited="insertion_sort_WP_InsertionSort_WP_parameter_insertion_sort_1.v" obsolete="false">
-           <result status="valid" time="0.57"/>
+         <goal name="WP_parameter insertion_sort.3.7.3" expl="for loop preservation" sum="d151c246094fcbaee0d63f8daf0daac4" proved="false" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8Lamk arrayV0V10apermutV2asetV11V12V6Iainfix =V12ainfix -V7c1FIaexchangeCasetV9V7V6amk arraywVV13CasetV11ainfix -V7c1V6amk arraywVV14ainfix -V7c1V7Iainfix =V10asetV8V7agetV8ainfix -V7c1FIainfix <V7V0Aainfix <=c0V7Iainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >agetV8ainfix -V7c1V6Iainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >V7c0Iainfix <V6agetV8V15Iainfix <=V15V5Aainfix <=ainfix +V7c1V15FAainfix <=agetV8V16agetV8V17Iainfix =V17V7NIainfix =V16V7NIainfix <=V17V5Aainfix <=V16V17Aainfix <=c0V16FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
+          <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
+           <result status="timeout" time="10.04"/>
+          </proof>
+          <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+           <result status="timeout" time="11.66"/>
           </proof>
-         </goal>
-         <goal name="WP_parameter insertion_sort.3.7.4" expl="for loop preservation" sum="756f7fe0e228ea72695f12fe2ab1edd1" proved="true" expanded="false">
           <proof prover="z3" timelimit="10" edited="" obsolete="false">
-           <result status="valid" time="0.10"/>
+           <result status="timeout" time="10.07"/>
           </proof>
          </goal>
-         <goal name="WP_parameter insertion_sort.3.7.5" expl="for loop preservation" sum="cc3c7f1b977d1749b4166a006261c7ae" proved="true" expanded="false">
+         <goal name="WP_parameter insertion_sort.3.7.4" expl="for loop preservation" sum="4249a7d0a8e06086ba18245ad25240b8" proved="false" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8Lamk arrayV0V10ainfix <=agetV10V13agetV10V14Iainfix =V14V12NIainfix =V13V12NIainfix <=V14V5Aainfix <=V13V14Aainfix <=c0V13FIainfix =V12ainfix -V7c1FIaexchangeCasetV9V7V6amk arraywVV15CasetV11ainfix -V7c1V6amk arraywVV16ainfix -V7c1V7Iainfix =V10asetV8V7agetV8ainfix -V7c1FIainfix <V7V0Aainfix <=c0V7Iainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >agetV8ainfix -V7c1V6Iainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >V7c0Iainfix <V6agetV8V17Iainfix <=V17V5Aainfix <=ainfix +V7c1V17FAainfix <=agetV8V18agetV8V19Iainfix =V19V7NIainfix =V18V7NIainfix <=V19V5Aainfix <=V18V19Aainfix <=c0V18FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
           <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
-           <result status="valid" time="0.02"/>
+           <result status="timeout" time="10.11"/>
           </proof>
           <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-           <result status="valid" time="1.75"/>
+           <result status="timeout" time="10.68"/>
+          </proof>
+          <proof prover="z3" timelimit="10" edited="" obsolete="false">
+           <result status="timeout" time="10.17"/>
+          </proof>
+         </goal>
+         <goal name="WP_parameter insertion_sort.3.7.5" expl="for loop preservation" sum="8647b813de87427481049ae011b60f55" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8Lamk arrayV0V10ainfix <V6agetV10V13Iainfix <=V13V5Aainfix <=ainfix +V12c1V13FIainfix =V12ainfix -V7c1FIaexchangeCasetV9V7V6amk arraywVV14CasetV11ainfix -V7c1V6amk arraywVV15ainfix -V7c1V7Iainfix =V10asetV8V7agetV8ainfix -V7c1FIainfix <V7V0Aainfix <=c0V7Iainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >agetV8ainfix -V7c1V6Iainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >V7c0Iainfix <V6agetV8V16Iainfix <=V16V5Aainfix <=ainfix +V7c1V16FAainfix <=agetV8V17agetV8V18Iainfix =V18V7NIainfix =V17V7NIainfix <=V18V5Aainfix <=V17V18Aainfix <=c0V17FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
+          <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+           <result status="valid" time="0.90"/>
           </proof>
          </goal>
         </transf>
        </goal>
-       <goal name="WP_parameter insertion_sort.3.8" expl="for loop preservation" sum="5b62db4c1432a705b008b863a253ad64" proved="true" expanded="false">
-        <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.01"/>
+       <goal name="WP_parameter insertion_sort.3.8" expl="for loop preservation" sum="9a93d35b7471fee4d0d79660265ca6b6" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8Lamk arrayV0V10ainfix <V12V7Aainfix <=c0V7Iainfix <V6agetV10V13Iainfix <=V13V5Aainfix <=ainfix +V12c1V13FAainfix <=agetV10V14agetV10V15Iainfix =V15V12NIainfix =V14V12NIainfix <=V15V5Aainfix <=V14V15Aainfix <=c0V14FAapermutV2asetV11V12V6Aainfix <=V12V5Aainfix <=c0V12Iainfix =V12ainfix -V7c1FIaexchangeCasetV9V7V6amk arraywVV16CasetV11ainfix -V7c1V6amk arraywVV17ainfix -V7c1V7Iainfix =V10asetV8V7agetV8ainfix -V7c1FIainfix <V7V0Aainfix <=c0V7Iainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >agetV8ainfix -V7c1V6Iainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >V7c0Iainfix <V6agetV8V18Iainfix <=V18V5Aainfix <=ainfix +V7c1V18FAainfix <=agetV8V19agetV8V20Iainfix =V20V7NIainfix =V19V7NIainfix <=V20V5Aainfix <=V19V20Aainfix <=c0V19FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.03"/>
         </proof>
        </goal>
-       <goal name="WP_parameter insertion_sort.3.9" expl="for loop preservation" sum="b19426a5d510062a4ccb7ae7c3b43b43" proved="true" expanded="false">
-        <proof prover="alt-ergo" timelimit="30" edited="" obsolete="false">
-         <result status="valid" time="0.02"/>
+       <goal name="WP_parameter insertion_sort.3.9" expl="for loop preservation" sum="7c315f4550de915a0a01aa6117f7bac7" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8ainfix <=agetV8V10V6Iainfix <V10V7Aainfix <=c0V10FIainfix >agetV8ainfix -V7c1V6NIainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >V7c0Iainfix <V6agetV8V11Iainfix <=V11V5Aainfix <=ainfix +V7c1V11FAainfix <=agetV8V12agetV8V13Iainfix =V13V7NIainfix =V12V7NIainfix <=V13V5Aainfix <=V12V13Aainfix <=c0V12FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.04"/>
         </proof>
        </goal>
-       <goal name="WP_parameter insertion_sort.3.10" expl="for loop preservation" sum="396ea238782f9a6e6b140616631fe0c3" proved="true" expanded="false">
+       <goal name="WP_parameter insertion_sort.3.10" expl="for loop preservation" sum="9cd1e69fb3cb9b8755d32fa2b6a27143" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8ainfix <V7V0Aainfix <=c0V7Iainfix <=agetV8V10V6Iainfix <V10V7Aainfix <=c0V10FIainfix >agetV8ainfix -V7c1V6NIainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >V7c0Iainfix <V6agetV8V11Iainfix <=V11V5Aainfix <=ainfix +V7c1V11FAainfix <=agetV8V12agetV8V13Iainfix =V13V7NIainfix =V12V7NIainfix <=V13V5Aainfix <=V12V13Aainfix <=c0V12FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
         <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.01"/>
+         <result status="valid" time="0.05"/>
+        </proof>
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.03"/>
         </proof>
        </goal>
-       <goal name="WP_parameter insertion_sort.3.11" expl="for loop preservation" sum="5ad6de4ad305198f5d9e6bff737f0222" proved="true" expanded="false">
-        <transf name="split_goal" proved="true" expanded="false">
-         <goal name="WP_parameter insertion_sort.3.11.1" expl="for loop preservation" sum="5ad6de4ad305198f5d9e6bff737f0222" proved="true" expanded="false">
-          <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
-           <result status="valid" time="0.04"/>
-          </proof>
-         </goal>
-        </transf>
+       <goal name="WP_parameter insertion_sort.3.11" expl="for loop preservation" sum="f3c6e14445e811727d1a4923af55a6a5" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8asorted_subV10c0ainfix +V5c1Iainfix =V10asetV8V7V6FIainfix <V7V0Aainfix <=c0V7Iainfix <=agetV8V11V6Iainfix <V11V7Aainfix <=c0V11FIainfix >agetV8ainfix -V7c1V6NIainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >V7c0Iainfix <V6agetV8V12Iainfix <=V12V5Aainfix <=ainfix +V7c1V12FAainfix <=agetV8V13agetV8V14Iainfix =V14V7NIainfix =V13V7NIainfix <=V14V5Aainfix <=V13V14Aainfix <=c0V13FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
+        <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.12"/>
+        </proof>
        </goal>
-       <goal name="WP_parameter insertion_sort.3.12" expl="for loop preservation" sum="3b06628d16ec9615d78d1fe59d95b9ef" proved="true" expanded="false">
+       <goal name="WP_parameter insertion_sort.3.12" expl="for loop preservation" sum="b95b5dbeb0fa57f72f1abf4a8f9de2a7" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8apermutV2amk arrayV0V10Iainfix =V10asetV8V7V6FIainfix <V7V0Aainfix <=c0V7Iainfix <=agetV8V11V6Iainfix <V11V7Aainfix <=c0V11FIainfix >agetV8ainfix -V7c1V6NIainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1Iainfix >V7c0Iainfix <V6agetV8V12Iainfix <=V12V5Aainfix <=ainfix +V7c1V12FAainfix <=agetV8V13agetV8V14Iainfix =V14V7NIainfix =V13V7NIainfix <=V14V5Aainfix <=V13V14Aainfix <=c0V13FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
         <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.02"/>
+         <result status="valid" time="0.05"/>
+        </proof>
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="8.35"/>
         </proof>
        </goal>
-       <goal name="WP_parameter insertion_sort.3.13" expl="for loop preservation" sum="6f0fd17e727ebbf5cc9422090d3365ce" proved="true" expanded="false">
+       <goal name="WP_parameter insertion_sort.3.13" expl="for loop preservation" sum="9204708a2eeb824f952bdf73f439efb8" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8ainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1IfIainfix >V7c0NIainfix <V6agetV8V10Iainfix <=V10V5Aainfix <=ainfix +V7c1V10FAainfix <=agetV8V11agetV8V12Iainfix =V12V7NIainfix =V11V7NIainfix <=V12V5Aainfix <=V11V12Aainfix <=c0V11FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
         <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.01"/>
+         <result status="valid" time="0.03"/>
+        </proof>
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.04"/>
         </proof>
        </goal>
-       <goal name="WP_parameter insertion_sort.3.14" expl="for loop preservation" sum="5487e3c6216b417d7f62ec51d750e3de" proved="true" expanded="false">
-        <proof prover="alt-ergo" timelimit="30" edited="" obsolete="false">
-         <result status="valid" time="0.00"/>
+       <goal name="WP_parameter insertion_sort.3.14" expl="for loop preservation" sum="efb88bc92849887680778cdadb11805a" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8ainfix <V7V0Aainfix <=c0V7Iainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1IfIainfix >V7c0NIainfix <V6agetV8V10Iainfix <=V10V5Aainfix <=ainfix +V7c1V10FAainfix <=agetV8V11agetV8V12Iainfix =V12V7NIainfix =V11V7NIainfix <=V12V5Aainfix <=V11V12Aainfix <=c0V11FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
+        <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.03"/>
+        </proof>
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter insertion_sort.3.15" expl="for loop preservation" sum="cdd1c1fdf67e200f33ddcf17b1e60790" proved="true" expanded="false">
+       <goal name="WP_parameter insertion_sort.3.15" expl="for loop preservation" sum="9f87a767d9c74423cffc2d3061dfd035" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8Lamk arrayV0V10aexchangeCasetV9V7V6amk arraywVV12CasetV11ainfix -V7c1V6amk arraywVV13ainfix -V7c1V7Iainfix =V10asetV8V7agetV8ainfix -V7c1FIainfix <V7V0Aainfix <=c0V7Iainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1IfIainfix >V7c0NIainfix <V6agetV8V14Iainfix <=V14V5Aainfix <=ainfix +V7c1V14FAainfix <=agetV8V15agetV8V16Iainfix =V16V7NIainfix =V15V7NIainfix <=V16V5Aainfix <=V15V16Aainfix <=c0V15FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
         <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.00"/>
+         <result status="valid" time="0.03"/>
+        </proof>
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.04"/>
         </proof>
        </goal>
-       <goal name="WP_parameter insertion_sort.3.16" expl="for loop preservation" sum="ecfab033d4dd9d047905e54287fb3267" proved="true" expanded="false">
+       <goal name="WP_parameter insertion_sort.3.16" expl="for loop preservation" sum="46baad96d01c619cf14fe5c007a88aa2" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8Lamk arrayV0V10ainfix <V6agetV10V13Iainfix <=V13V5Aainfix <=ainfix +V12c1V13FAainfix <=agetV10V14agetV10V15Iainfix =V15V12NIainfix =V14V12NIainfix <=V15V5Aainfix <=V14V15Aainfix <=c0V14FAapermutV2asetV11V12V6Aainfix <=V12V5Aainfix <=c0V12Iainfix =V12ainfix -V7c1FIaexchangeCasetV9V7V6amk arraywVV16CasetV11ainfix -V7c1V6amk arraywVV17ainfix -V7c1V7Iainfix =V10asetV8V7agetV8ainfix -V7c1FIainfix <V7V0Aainfix <=c0V7Iainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1IfIainfix >V7c0NIainfix <V6agetV8V18Iainfix <=V18V5Aainfix <=ainfix +V7c1V18FAainfix <=agetV8V19agetV8V20Iainfix =V20V7NIainfix =V19V7NIainfix <=V20V5Aainfix <=V19V20Aainfix <=c0V19FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
         <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.00"/>
+         <result status="valid" time="0.03"/>
+        </proof>
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter insertion_sort.3.17" expl="for loop preservation" sum="4287adf46acf015271010995d8abb858" proved="true" expanded="false">
+       <goal name="WP_parameter insertion_sort.3.17" expl="for loop preservation" sum="81445659e0c3979cd2c107dbb18a0fe5" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8Lamk arrayV0V10ainfix <V12V7Aainfix <=c0V7Iainfix <V6agetV10V13Iainfix <=V13V5Aainfix <=ainfix +V12c1V13FAainfix <=agetV10V14agetV10V15Iainfix =V15V12NIainfix =V14V12NIainfix <=V15V5Aainfix <=V14V15Aainfix <=c0V14FAapermutV2asetV11V12V6Aainfix <=V12V5Aainfix <=c0V12Iainfix =V12ainfix -V7c1FIaexchangeCasetV9V7V6amk arraywVV16CasetV11ainfix -V7c1V6amk arraywVV17ainfix -V7c1V7Iainfix =V10asetV8V7agetV8ainfix -V7c1FIainfix <V7V0Aainfix <=c0V7Iainfix <ainfix -V7c1V0Aainfix <=c0ainfix -V7c1IfIainfix >V7c0NIainfix <V6agetV8V18Iainfix <=V18V5Aainfix <=ainfix +V7c1V18FAainfix <=agetV8V19agetV8V20Iainfix =V20V7NIainfix =V19V7NIainfix <=V20V5Aainfix <=V19V20Aainfix <=c0V19FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
         <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.00"/>
+         <result status="valid" time="0.03"/>
+        </proof>
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.04"/>
         </proof>
        </goal>
-       <goal name="WP_parameter insertion_sort.3.18" expl="for loop preservation" sum="0fb561d9f960f932181d3ea8756b4bb1" proved="true" expanded="false">
+       <goal name="WP_parameter insertion_sort.3.18" expl="for loop preservation" sum="b4fe237e53e46ed16a71905f7f8e8c09" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8ainfix <=agetV8V10V6Iainfix <V10V7Aainfix <=c0V10FIfNIainfix >V7c0NIainfix <V6agetV8V11Iainfix <=V11V5Aainfix <=ainfix +V7c1V11FAainfix <=agetV8V12agetV8V13Iainfix =V13V7NIainfix =V12V7NIainfix <=V13V5Aainfix <=V12V13Aainfix <=c0V12FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
         <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.01"/>
+         <result status="valid" time="0.05"/>
+        </proof>
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.04"/>
         </proof>
        </goal>
-       <goal name="WP_parameter insertion_sort.3.19" expl="for loop preservation" sum="8ce0c1bce0303508d0623a011a2a29d7" proved="true" expanded="false">
-        <transf name="split_goal" proved="true" expanded="false">
-         <goal name="WP_parameter insertion_sort.3.19.1" expl="for loop preservation" sum="e5a30d8c682249f3b7ce2ae8073297b3" proved="true" expanded="false">
-          <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-           <result status="valid" time="0.02"/>
-          </proof>
-         </goal>
-         <goal name="WP_parameter insertion_sort.3.19.2" expl="for loop preservation" sum="124e17a3f3ee82824d1eb8cbcf5b8ade" proved="true" expanded="false">
-          <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-           <result status="valid" time="0.02"/>
-          </proof>
-         </goal>
-        </transf>
+       <goal name="WP_parameter insertion_sort.3.19" expl="for loop preservation" sum="4bcb2eec320f8217f9100641117ce18c" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8ainfix <V7V0Aainfix <=c0V7Iainfix <=agetV8V10V6Iainfix <V10V7Aainfix <=c0V10FIfNIainfix >V7c0NIainfix <V6agetV8V11Iainfix <=V11V5Aainfix <=ainfix +V7c1V11FAainfix <=agetV8V12agetV8V13Iainfix =V13V7NIainfix =V12V7NIainfix <=V13V5Aainfix <=V12V13Aainfix <=c0V12FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
+        <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.04"/>
+        </proof>
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.04"/>
+        </proof>
        </goal>
-       <goal name="WP_parameter insertion_sort.3.20" expl="for loop preservation" sum="75dc2a24503ea34b53169d53de464e2d" proved="true" expanded="false">
+       <goal name="WP_parameter insertion_sort.3.20" expl="for loop preservation" sum="0bd4a802c8791f4d33e1e98e39e3e408" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8asorted_subV10c0ainfix +V5c1Iainfix =V10asetV8V7V6FIainfix <V7V0Aainfix <=c0V7Iainfix <=agetV8V11V6Iainfix <V11V7Aainfix <=c0V11FIfNIainfix >V7c0NIainfix <V6agetV8V12Iainfix <=V12V5Aainfix <=ainfix +V7c1V12FAainfix <=agetV8V13agetV8V14Iainfix =V14V7NIainfix =V13V7NIainfix <=V14V5Aainfix <=V13V14Aainfix <=c0V13FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
         <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.03"/>
+         <result status="valid" time="0.09"/>
         </proof>
        </goal>
-       <goal name="WP_parameter insertion_sort.3.21" expl="for loop preservation" sum="b4c3c90f52459988cece36a839594a4d" proved="true" expanded="false">
-        <proof prover="alt-ergo" timelimit="30" edited="" obsolete="false">
-         <result status="valid" time="19.82"/>
+       <goal name="WP_parameter insertion_sort.3.21" expl="for loop preservation" sum="89e575027d714d889376540806532300" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3LagetV3V5Lamk arrayV0V8apermutV2amk arrayV0V10Iainfix =V10asetV8V7V6FIainfix <V7V0Aainfix <=c0V7Iainfix <=agetV8V11V6Iainfix <V11V7Aainfix <=c0V11FIfNIainfix >V7c0NIainfix <V6agetV8V12Iainfix <=V12V5Aainfix <=ainfix +V7c1V12FAainfix <=agetV8V13agetV8V14Iainfix =V14V7NIainfix =V13V7NIainfix <=V14V5Aainfix <=V13V14Aainfix <=c0V13FAapermutV2asetV9V7V6Aainfix <=V7V5Aainfix <=c0V7FFIainfix <V5V0Aainfix <=c0V5IapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c1V5FFIainfix <=c1ainfix -V0c1FF">
+        <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.05"/>
+        </proof>
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="5.91"/>
         </proof>
        </goal>
       </transf>
      </goal>
-     <goal name="WP_parameter insertion_sort.4" expl="normal postcondition" sum="31133fccb9f8e19b1389d9c2199b636b" proved="true" expanded="false">
+     <goal name="WP_parameter insertion_sort.4" expl="normal postcondition" sum="85f65475e5984eedc61efce70054ab1f" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3apermutV2V4AasortedV4IapermutV2V4Aasorted_subV3c0ainfix +ainfix -V0c1c1FIainfix <=c1ainfix -V0c1FF">
       <proof prover="alt-ergo" timelimit="30" edited="" obsolete="false">
-       <result status="valid" time="0.02"/>
+       <result status="valid" time="0.03"/>
       </proof>
      </goal>
     </transf>
diff --git a/examples/programs/quicksort.mlw b/examples/programs/quicksort.mlw
index 968de8a928d00b66870732bccca6c3f0780673d7..4e200eb5dca32f0b21a41c2c683d966251cb47d1 100644
--- a/examples/programs/quicksort.mlw
+++ b/examples/programs/quicksort.mlw
@@ -19,7 +19,7 @@ module Quicksort
     let v = t[i] in
     t[i] <- t[j];
     t[j] <- v
-    { exchange t (old t) i j }
+    { exchange (old t) t i j }
 
   let rec quick_rec (t:array int) (l:int) (r:int) : unit variant { 1+r-l } =
     { 0 <= l /\ r < length t }
@@ -29,7 +29,7 @@ module Quicksort
 'L:   for i = l + 1 to r do
         invariant { (forall j:int. l < j <= !m -> t[j] < v) /\
                     (forall j:int. !m < j <  i -> t[j] >= v) /\
-                    permut_sub t (at t 'L) l (r+1) /\
+                    permut_sub (at t 'L) t l (r+1) /\
                     t[l] = v /\ l <= !m < i }
         if t[i] < v then begin m := !m + 1; swap t i !m end
       done;
@@ -37,12 +37,12 @@ module Quicksort
       quick_rec t l (!m - 1);
       quick_rec t (!m + 1) r
     end
-    { sorted_sub t l (r+1) /\ permut_sub t (old t) l (r+1) }
+    { sorted_sub t l (r+1) /\ permut_sub (old t) t l (r+1) }
 
   let quicksort (t : array int) =
     { }
     quick_rec t 0 (length t - 1)
-    { sorted t /\ permut t (old t) }
+    { sorted t /\ permut (old t) t }
 
 end
 
diff --git a/examples/programs/quicksort/quicksort_WP_Quicksort_WP_parameter_quick_rec_1.v b/examples/programs/quicksort/quicksort_WP_Quicksort_WP_parameter_quick_rec_1.v
new file mode 100644
index 0000000000000000000000000000000000000000..a0cfb30fe8ebfd84d739ec75c9a457ffd922ce54
--- /dev/null
+++ b/examples/programs/quicksort/quicksort_WP_Quicksort_WP_parameter_quick_rec_1.v
@@ -0,0 +1,190 @@
+(* This file is generated by Why3's Coq driver *)
+(* Beware! Only edit allowed sections below    *)
+Require Import ZArith.
+Require Import Rbase.
+Definition unit  := unit.
+
+Parameter mark : Type.
+
+Parameter at1: forall (a:Type), a -> mark -> a.
+
+Implicit Arguments at1.
+
+Parameter old: forall (a:Type), a -> a.
+
+Implicit Arguments old.
+
+Inductive ref (a:Type) :=
+  | mk_ref : a -> ref a.
+Implicit Arguments mk_ref.
+
+Definition contents (a:Type)(u:(ref a)): a :=
+  match u with
+  | mk_ref contents1 => contents1
+  end.
+Implicit Arguments contents.
+
+Parameter map : forall (a:Type) (b:Type), Type.
+
+Parameter get: forall (a:Type) (b:Type), (map a b) -> a -> b.
+
+Implicit Arguments get.
+
+Parameter set: forall (a:Type) (b:Type), (map a b) -> a -> b -> (map a b).
+
+Implicit Arguments set.
+
+Axiom Select_eq : forall (a:Type) (b:Type), forall (m:(map a b)),
+  forall (a1:a) (a2:a), forall (b1:b), (a1 = a2) -> ((get (set m a1 b1)
+  a2) = b1).
+
+Axiom Select_neq : forall (a:Type) (b:Type), forall (m:(map a b)),
+  forall (a1:a) (a2:a), forall (b1:b), (~ (a1 = a2)) -> ((get (set m a1 b1)
+  a2) = (get m a2)).
+
+Parameter const: forall (b:Type) (a:Type), b -> (map a b).
+
+Set Contextual Implicit.
+Implicit Arguments const.
+Unset Contextual Implicit.
+
+Axiom Const : forall (b:Type) (a:Type), forall (b1:b) (a1:a), ((get (const(
+  b1):(map a b)) a1) = b1).
+
+Inductive array (a:Type) :=
+  | mk_array : Z -> (map Z a) -> array a.
+Implicit Arguments mk_array.
+
+Definition elts (a:Type)(u:(array a)): (map Z a) :=
+  match u with
+  | mk_array _ elts1 => elts1
+  end.
+Implicit Arguments elts.
+
+Definition length (a:Type)(u:(array a)): Z :=
+  match u with
+  | mk_array length1 _ => length1
+  end.
+Implicit Arguments length.
+
+Definition get1 (a:Type)(a1:(array a)) (i:Z): a := (get (elts a1) i).
+Implicit Arguments get1.
+
+Definition set1 (a:Type)(a1:(array a)) (i:Z) (v:a): (array a) :=
+  match a1 with
+  | mk_array xcl0 _ => (mk_array xcl0 (set (elts a1) i v))
+  end.
+Implicit Arguments set1.
+
+Definition sorted_sub(a:(map Z Z)) (l:Z) (u:Z): Prop := forall (i1:Z) (i2:Z),
+  (((l <= i1)%Z /\ (i1 <= i2)%Z) /\ (i2 <  u)%Z) -> ((get a i1) <= (get a
+  i2))%Z.
+
+Definition sorted_sub1(a:(array Z)) (l:Z) (u:Z): Prop := (sorted_sub (elts a)
+  l u).
+
+Definition sorted(a:(array Z)): Prop := (sorted_sub (elts a) 0%Z (length a)).
+
+Definition map_eq_sub (a:Type)(a1:(map Z a)) (a2:(map Z a)) (l:Z)
+  (u:Z): Prop := forall (i:Z), ((l <= i)%Z /\ (i <  u)%Z) -> ((get a1
+  i) = (get a2 i)).
+Implicit Arguments map_eq_sub.
+
+Definition exchange (a:Type)(a1:(map Z a)) (a2:(map Z a)) (i:Z)
+  (j:Z): Prop := ((get a1 i) = (get a2 j)) /\ (((get a2 i) = (get a1 j)) /\
+  forall (k:Z), ((~ (k = i)) /\ ~ (k = j)) -> ((get a1 k) = (get a2 k))).
+Implicit Arguments exchange.
+
+Axiom exchange_set : forall (a:Type), forall (a1:(map Z a)), forall (i:Z)
+  (j:Z), (exchange a1 (set (set a1 i (get a1 j)) j (get a1 i)) i j).
+
+Inductive permut_sub{a:Type}  : (map Z a) -> (map Z a) -> Z -> Z -> Prop :=
+  | permut_refl : forall (a1:(map Z a)) (a2:(map Z a)), forall (l:Z) (u:Z),
+      (map_eq_sub a1 a2 l u) -> (permut_sub a1 a2 l u)
+  | permut_sym : forall (a1:(map Z a)) (a2:(map Z a)), forall (l:Z) (u:Z),
+      (permut_sub a1 a2 l u) -> (permut_sub a2 a1 l u)
+  | permut_trans : forall (a1:(map Z a)) (a2:(map Z a)) (a3:(map Z a)),
+      forall (l:Z) (u:Z), (permut_sub a1 a2 l u) -> ((permut_sub a2 a3 l
+      u) -> (permut_sub a1 a3 l u))
+  | permut_exchange : forall (a1:(map Z a)) (a2:(map Z a)), forall (l:Z)
+      (u:Z) (i:Z) (j:Z), ((l <= i)%Z /\ (i <  u)%Z) -> (((l <= j)%Z /\
+      (j <  u)%Z) -> ((exchange a1 a2 i j) -> (permut_sub a1 a2 l u))).
+Implicit Arguments permut_sub.
+
+Axiom permut_weakening : forall (a:Type), forall (a1:(map Z a)) (a2:(map Z
+  a)), forall (l1:Z) (r1:Z) (l2:Z) (r2:Z), (((l1 <= l2)%Z /\ (l2 <= r2)%Z) /\
+  (r2 <= r1)%Z) -> ((permut_sub a1 a2 l2 r2) -> (permut_sub a1 a2 l1 r1)).
+
+Axiom permut_eq : forall (a:Type), forall (a1:(map Z a)) (a2:(map Z a)),
+  forall (l:Z) (u:Z), (permut_sub a1 a2 l u) -> forall (i:Z), ((i <  l)%Z \/
+  (u <= i)%Z) -> ((get a2 i) = (get a1 i)).
+
+Axiom permut_exists : forall (a:Type), forall (a1:(map Z a)) (a2:(map Z a)),
+  forall (l:Z) (u:Z), (permut_sub a1 a2 l u) -> forall (i:Z), ((l <= i)%Z /\
+  (i <  u)%Z) -> exists j:Z, ((l <= j)%Z /\ (j <  u)%Z) /\ ((get a2
+  i) = (get a1 j)).
+
+Definition exchange1 (a:Type)(a1:(array a)) (a2:(array a)) (i:Z)
+  (j:Z): Prop := (exchange (elts a1) (elts a2) i j).
+Implicit Arguments exchange1.
+
+Definition permut_sub1 (a:Type)(a1:(array a)) (a2:(array a)) (l:Z)
+  (u:Z): Prop := (permut_sub (elts a1) (elts a2) l u).
+Implicit Arguments permut_sub1.
+
+Definition permut (a:Type)(a1:(array a)) (a2:(array a)): Prop :=
+  ((length a1) = (length a2)) /\ (permut_sub (elts a1) (elts a2) 0%Z
+  (length a1)).
+Implicit Arguments permut.
+
+Axiom exchange_permut : forall (a:Type), forall (a1:(array a)) (a2:(array a))
+  (i:Z) (j:Z), (exchange1 a1 a2 i j) -> (((length a1) = (length a2)) ->
+  (((0%Z <= i)%Z /\ (i <  (length a1))%Z) -> (((0%Z <= j)%Z /\
+  (j <  (length a1))%Z) -> (permut a1 a2)))).
+
+Axiom permut_sym1 : forall (a:Type), forall (a1:(array a)) (a2:(array a)),
+  (permut a1 a2) -> (permut a2 a1).
+
+Axiom permut_trans1 : forall (a:Type), forall (a1:(array a)) (a2:(array a))
+  (a3:(array a)), (permut a1 a2) -> ((permut a2 a3) -> (permut a1 a3)).
+
+Definition array_eq_sub (a:Type)(a1:(array a)) (a2:(array a)) (l:Z)
+  (u:Z): Prop := (map_eq_sub (elts a1) (elts a2) l u).
+Implicit Arguments array_eq_sub.
+
+Definition array_eq (a:Type)(a1:(array a)) (a2:(array a)): Prop :=
+  ((length a1) = (length a2)) /\ (array_eq_sub a1 a2 0%Z (length a1)).
+Implicit Arguments array_eq.
+
+Axiom array_eq_sub_permut : forall (a:Type), forall (a1:(array a)) (a2:(array
+  a)) (l:Z) (u:Z), (array_eq_sub a1 a2 l u) -> (permut_sub1 a1 a2 l u).
+
+Axiom array_eq_permut : forall (a:Type), forall (a1:(array a)) (a2:(array
+  a)), (array_eq a1 a2) -> (permut a1 a2).
+
+(* YOU MAY EDIT THE CONTEXT BELOW *)
+
+(* DO NOT EDIT BELOW *)
+
+Theorem WP_parameter_quick_rec : forall (t:Z), forall (l:Z), forall (r:Z),
+  forall (t1:(map Z Z)), ((0%Z <= l)%Z /\ (r <  t)%Z) -> ((l <  r)%Z ->
+  (((0%Z <= l)%Z /\ (l <  t)%Z) -> let result := (get t1 l) in
+  (((l + 1%Z)%Z <= r)%Z -> forall (m:Z), forall (t2:(map Z Z)), forall (i:Z),
+  (((l + 1%Z)%Z <= i)%Z /\ (i <= r)%Z) -> (((forall (j:Z), ((l <  j)%Z /\
+  (j <= m)%Z) -> ((get t2 j) <  result)%Z) /\ ((forall (j:Z), ((m <  j)%Z /\
+  (j <  i)%Z) -> (result <= (get t2 j))%Z) /\ ((permut_sub t1 t2 l
+  (r + 1%Z)%Z) /\ (((get t2 l) = result) /\ ((l <= m)%Z /\ (m <  i)%Z))))) ->
+  (((0%Z <= i)%Z /\ (i <  t)%Z) -> (((get t2 i) <  result)%Z ->
+  forall (m1:Z), (m1 = (m + 1%Z)%Z) -> ((((0%Z <= i)%Z /\ (i <  t)%Z) /\
+  ((0%Z <= m1)%Z /\ (m1 <  t)%Z)) -> forall (t3:(map Z Z)), (exchange t2 t3 i
+  m1) -> (permut_sub t1 t3 l (r + 1%Z)%Z)))))))).
+(* YOU MAY EDIT THE PROOF BELOW *)
+intuition.
+intuition.
+apply permut_trans with t2; auto.
+apply permut_exchange with i m1; try omega.
+auto.
+Qed.
+(* DO NOT EDIT BELOW *)
+
+
diff --git a/examples/programs/quicksort/quicksort_WP_Quicksort_WP_parameter_quick_rec_2.v b/examples/programs/quicksort/quicksort_WP_Quicksort_WP_parameter_quick_rec_2.v
index 4d6da50c8eeac9be89797f3d991bbecabdbc2c6c..81d34ff5b51685fb2b8b3a6a2daeb71abfaaeb04 100644
--- a/examples/programs/quicksort/quicksort_WP_Quicksort_WP_parameter_quick_rec_2.v
+++ b/examples/programs/quicksort/quicksort_WP_Quicksort_WP_parameter_quick_rec_2.v
@@ -6,11 +6,11 @@ Definition unit  := unit.
 
 Parameter mark : Type.
 
-Parameter at1: forall (a:Type), a -> mark  -> a.
+Parameter at1: forall (a:Type), a -> mark -> a.
 
 Implicit Arguments at1.
 
-Parameter old: forall (a:Type), a  -> a.
+Parameter old: forall (a:Type), a -> a.
 
 Implicit Arguments old.
 
@@ -26,11 +26,11 @@ Implicit Arguments contents.
 
 Parameter map : forall (a:Type) (b:Type), Type.
 
-Parameter get: forall (a:Type) (b:Type), (map a b) -> a  -> b.
+Parameter get: forall (a:Type) (b:Type), (map a b) -> a -> b.
 
 Implicit Arguments get.
 
-Parameter set: forall (a:Type) (b:Type), (map a b) -> a -> b  -> (map a b).
+Parameter set: forall (a:Type) (b:Type), (map a b) -> a -> b -> (map a b).
 
 Implicit Arguments set.
 
@@ -42,7 +42,7 @@ Axiom Select_neq : forall (a:Type) (b:Type), forall (m:(map a b)),
   forall (a1:a) (a2:a), forall (b1:b), (~ (a1 = a2)) -> ((get (set m a1 b1)
   a2) = (get m a2)).
 
-Parameter const: forall (b:Type) (a:Type), b  -> (map a b).
+Parameter const: forall (b:Type) (a:Type), b -> (map a b).
 
 Set Contextual Implicit.
 Implicit Arguments const.
@@ -142,6 +142,12 @@ Axiom exchange_permut : forall (a:Type), forall (a1:(array a)) (a2:(array a))
   (((0%Z <= i)%Z /\ (i <  (length a1))%Z) -> (((0%Z <= j)%Z /\
   (j <  (length a1))%Z) -> (permut a1 a2)))).
 
+Axiom permut_sym1 : forall (a:Type), forall (a1:(array a)) (a2:(array a)),
+  (permut a1 a2) -> (permut a2 a1).
+
+Axiom permut_trans1 : forall (a:Type), forall (a1:(array a)) (a2:(array a))
+  (a3:(array a)), (permut a1 a2) -> ((permut a2 a3) -> (permut a1 a3)).
+
 Definition array_eq_sub (a:Type)(a1:(array a)) (a2:(array a)) (l:Z)
   (u:Z): Prop := (map_eq_sub (elts a1) (elts a2) l u).
 Implicit Arguments array_eq_sub.
@@ -156,24 +162,28 @@ Axiom array_eq_sub_permut : forall (a:Type), forall (a1:(array a)) (a2:(array
 Axiom array_eq_permut : forall (a:Type), forall (a1:(array a)) (a2:(array
   a)), (array_eq a1 a2) -> (permut a1 a2).
 
+(* YOU MAY EDIT THE CONTEXT BELOW *)
+
+(* DO NOT EDIT BELOW *)
+
 Theorem WP_parameter_quick_rec : forall (t:Z), forall (l:Z), forall (r:Z),
   forall (t1:(map Z Z)), ((0%Z <= l)%Z /\ (r <  t)%Z) -> ((l <  r)%Z ->
   (((0%Z <= l)%Z /\ (l <  t)%Z) -> let result := (get t1 l) in
   (((l + 1%Z)%Z <= r)%Z -> forall (m:Z), forall (t2:(map Z Z)),
   ((forall (j:Z), ((l <  j)%Z /\ (j <= m)%Z) -> ((get t2 j) <  result)%Z) /\
   ((forall (j:Z), ((m <  j)%Z /\ (j <  (r + 1%Z)%Z)%Z) -> (result <= (get t2
-  j))%Z) /\ ((permut_sub t2 t1 l (r + 1%Z)%Z) /\ (((get t2 l) = result) /\
+  j))%Z) /\ ((permut_sub t1 t2 l (r + 1%Z)%Z) /\ (((get t2 l) = result) /\
   ((l <= m)%Z /\ (m <  (r + 1%Z)%Z)%Z))))) -> ((((0%Z <= l)%Z /\
   (l <  t)%Z) /\ ((0%Z <= m)%Z /\ (m <  t)%Z)) -> forall (t3:(map Z Z)),
-  (exchange t3 t2 l m) -> ((((0%Z <= ((1%Z + r)%Z - l)%Z)%Z /\
+  (exchange t2 t3 l m) -> ((((0%Z <= ((1%Z + r)%Z - l)%Z)%Z /\
   (((1%Z + (m - 1%Z)%Z)%Z - l)%Z <  ((1%Z + r)%Z - l)%Z)%Z) /\
   ((0%Z <= l)%Z /\ ((m - 1%Z)%Z <  t)%Z)) -> forall (t4:(map Z Z)),
-  ((sorted_sub t4 l ((m - 1%Z)%Z + 1%Z)%Z) /\ (permut_sub t4 t3 l
+  ((sorted_sub t4 l ((m - 1%Z)%Z + 1%Z)%Z) /\ (permut_sub t3 t4 l
   ((m - 1%Z)%Z + 1%Z)%Z)) -> ((((0%Z <= ((1%Z + r)%Z - l)%Z)%Z /\
   (((1%Z + r)%Z - (m + 1%Z)%Z)%Z <  ((1%Z + r)%Z - l)%Z)%Z) /\
   ((0%Z <= (m + 1%Z)%Z)%Z /\ (r <  t)%Z)) -> forall (t5:(map Z Z)),
-  ((sorted_sub t5 (m + 1%Z)%Z (r + 1%Z)%Z) /\ (permut_sub t5 t4 (m + 1%Z)%Z
-  (r + 1%Z)%Z)) -> ((sorted_sub t5 l (r + 1%Z)%Z) /\ (permut_sub t5 t1 l
+  ((sorted_sub t5 (m + 1%Z)%Z (r + 1%Z)%Z) /\ (permut_sub t4 t5 (m + 1%Z)%Z
+  (r + 1%Z)%Z)) -> ((sorted_sub t5 l (r + 1%Z)%Z) /\ (permut_sub t1 t5 l
   (r + 1%Z)%Z)))))))).
 (* YOU MAY EDIT THE PROOF BELOW *)
 intros n l r t1.
@@ -189,25 +199,27 @@ assert (h: (l <= i1 < m \/ m <= i1 <= r)%Z) by omega. destruct h.
 (* l <= i1 < m *)
 assert (eq: get t4 i1 = get t5 i1).
 apply permut_eq with (m+1)%Z (r+1)%Z; auto.
+apply permut_sym; auto.
 omega. rewrite <- eq; clear eq.
 assert (vi1: (get t4 i1 < v)%Z).
 assert (exists i3:Z, l <= i3 < m-1+1 /\ get t4 i1 = get t3 i3)%Z.
 apply permut_exists.
-apply permut_sym; auto.
+auto.
 omega.
 destruct H1 as (i3, (hi3, eq3)).
 rewrite eq3; clear eq3.
 assert (case: (i3 = l \/ l < i3)%Z) by omega. destruct case.
 subst i3.
-destruct exch as (h,_). rewrite h.
+destruct exch as (_,(h,_)). rewrite h.
 apply inv1; omega.
-destruct exch as (_,(_,h)). rewrite h; try omega.
+destruct exch as (_,(_,h)). rewrite <- h; try omega.
 apply inv1; omega.
 
 assert (h: (l <= i2 < m \/ m <= i2 <= r)%Z) by omega. destruct h.
 (* l <= i2 < m *)
 assert (eq: get t4 i2 = get t5 i2).
 apply permut_eq with (m+1)%Z (r+1)%Z; auto.
+apply permut_sym; auto.
 omega.
 rewrite <- eq; clear eq.
 apply lsorted; omega.
@@ -223,21 +235,24 @@ omega.
 red in exch; intuition.
 transitivity (get t4 m).
 apply permut_eq with l (m-1+1)%Z; auto.
+apply permut_sym; auto.
 omega.
 apply permut_eq with (m+1)%Z (r+1)%Z; auto.
+apply permut_sym; auto.
 omega.
 (* m < i2 *)
 assert (exists i3:Z, m+1 <= i3 < r+1 /\ get t5 i2 = get t4 i3)%Z.
 apply permut_exists.
-apply permut_sym; auto.
+auto.
 omega.
 destruct H3 as (i3, (hi3, eq3)).
 rewrite eq3; clear eq3.
 replace (get t4 i3) with (get t3 i3).
-destruct exch as (_,(_,hex)). rewrite hex.
+destruct exch as (_,(_,hex)). rewrite <- hex.
 apply inv2; omega.
 omega.
 apply permut_eq with l (m-1+1)%Z; auto.
+apply permut_sym; auto.
 omega.
 omega.
 
@@ -252,21 +267,24 @@ omega.
 red in exch; intuition.
 transitivity (get t4 m).
 apply permut_eq with l (m-1+1)%Z; auto.
+apply permut_sym; auto.
 omega.
 apply permut_eq with (m+1)%Z (r+1)%Z; auto.
+apply permut_sym; auto.
 omega.
 (* m < i1 *)
 assert (exists i3:Z, m+1 <= i3 < r+1 /\ get t5 i1 = get t4 i3)%Z.
 apply permut_exists.
-apply permut_sym; auto.
+auto.
 omega.
 destruct H2 as (i3, (hi3, eq3)).
 rewrite eq3; clear eq3.
 replace (get t4 i3) with (get t3 i3).
-destruct exch as (_,(_,hex)). rewrite hex.
+destruct exch as (_,(_,hex)). rewrite <-hex.
 apply inv2; omega.
 omega.
 apply permut_eq with l (m-1+1)%Z; auto.
+apply permut_sym; auto.
 omega.
 
 assert (h: (l <= i2 < m \/ m <= i2 <= r)%Z) by omega. destruct h.
@@ -283,12 +301,12 @@ assert (h: (i1 = m \/ m < i1)%Z) by omega. destruct h.
 subst i1.
 assert (exists i3:Z, m+1 <= i3 < r+1 /\ get t5 i2 = get t4 i3)%Z.
 apply permut_exists.
-apply permut_sym; auto.
+auto.
 omega.
 destruct H3 as (i3, (hi3, eq3)).
 rewrite eq3; clear eq3.
 replace (get t4 i3) with (get t3 i3).
-destruct exch as (ex1,(ex2,hex)). rewrite hex.
+destruct exch as (ex1,(ex2,hex)). rewrite <- hex.
 replace (get t5 m) with v.
 apply inv2; omega.
 replace (get t5 m) with (get t3 m).
@@ -296,25 +314,28 @@ replace (get t3 m) with (get t2 l).
 omega.
 transitivity (get t4 m).
 apply permut_eq with l (m-1+1)%Z; auto.
+apply permut_sym; auto.
 omega.
 apply permut_eq with (m+1)%Z (r+1)%Z; auto.
+apply permut_sym; auto.
 omega.
 omega.
 apply permut_eq with l (m-1+1)%Z; auto.
+apply permut_sym; auto.
 omega.
 (* m < i1 *)
 apply rsorted; try omega.
 
 (* permut *)
 apply permut_trans with t4.
-apply permut_weakening with (m+1)%Z (r+1)%Z; auto.
-omega.
 apply permut_trans with t3.
-apply permut_weakening with l (m-1+1)%Z; auto.
-omega.
 apply permut_trans with t2; auto.
 apply permut_exchange with l m; auto.
 omega.
+apply permut_weakening with l (m-1+1)%Z; auto.
+omega.
+apply permut_weakening with (m+1)%Z (r+1)%Z; auto.
+omega.
 Qed.
 (* DO NOT EDIT BELOW *)
 
diff --git a/examples/programs/quicksort/why3session.xml b/examples/programs/quicksort/why3session.xml
index 1c090afc5224b68f4fa2396c810d05bf13f38181..483756f36792a4558bd8d6e68d2b981e31993eb6 100644
--- a/examples/programs/quicksort/why3session.xml
+++ b/examples/programs/quicksort/why3session.xml
@@ -1,181 +1,198 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE why3session SYSTEM "why3session.dtd">
 <why3session name="examples/programs/quicksort/why3session.xml">
+ <prover id="alt-ergo" name="Alt-Ergo" version="0.93"/>
+ <prover id="coq" name="Coq" version="8.2pl1"/>
+ <prover id="cvc3" name="CVC3" version="2.2"/>
+ <prover id="eprover" name="Eprover" version="0.7 Dhajea"/>
+ <prover id="gappa" name="Gappa" version="0.14.0"/>
+ <prover id="simplify" name="Simplify" version="1.5.4"/>
+ <prover id="yices" name="Yices" version="1.0.13"/>
+ <prover id="z3" name="Z3" version="2.13"/>
  <file name="../quicksort.mlw" verified="true" expanded="true">
   <theory name="WP Quicksort" verified="true" expanded="true">
-   <goal name="WP_parameter swap" expl="correctness of parameter swap" sum="41390d74df59a170f969e943142ebb7b" proved="true" expanded="true">
+   <goal name="WP_parameter swap" expl="correctness of parameter swap" sum="adcea4f5b66a3944e98f3ead55235ee3" proved="true" expanded="false" shape="aexchangeV3V5V1V2Iainfix =V5asetV4V2agetV3V1FAainfix <V2V0Aainfix <=c0V2Iainfix =V4asetV3V1agetV3V2FAainfix <V1V0Aainfix <=c0V1Aainfix <V2V0Aainfix <=c0V2Aainfix <V1V0Aainfix <=c0V1Iainfix <V2V0Aainfix <=c0V2Aainfix <V1V0Aainfix <=c0V1FFFF">
     <proof prover="alt-ergo" timelimit="29" edited="" obsolete="false">
-     <result status="valid" time="0.04"/>
+     <result status="valid" time="0.03"/>
     </proof>
    </goal>
-   <goal name="WP_parameter quick_rec" expl="correctness of parameter quick_rec" sum="429418ca6a20864d185b961d43f30d8f" proved="true" expanded="true">
+   <goal name="WP_parameter quick_rec" expl="correctness of parameter quick_rec" sum="45560a20314d7b3f8ee03566ceca7e1d" proved="true" expanded="true" shape="iainfix <V1V2LagetV3V1apermut_subV3V9V1ainfix +V2c1Aasorted_subV9V1ainfix +V2c1Iapermut_subV8V9ainfix +V5c1ainfix +V2c1Aasorted_subV9ainfix +V5c1ainfix +V2c1FAainfix <V2V0Aainfix <=c0ainfix +V5c1Aainfix <ainfix -ainfix +c1V2ainfix +V5c1ainfix -ainfix +c1V2V1Aainfix <=c0ainfix -ainfix +c1V2V1Iapermut_subV7V8V1ainfix +ainfix -V5c1c1Aasorted_subV8V1ainfix +ainfix -V5c1c1FAainfix <ainfix -V5c1V0Aainfix <=c0V1Aainfix <ainfix -ainfix +c1ainfix -V5c1V1ainfix -ainfix +c1V2V1Aainfix <=c0ainfix -ainfix +c1V2V1IaexchangeV6V7V1V5FAainfix <V5V0Aainfix <=c0V5Aainfix <V1V0Aainfix <=c0V1Iainfix <V5ainfix +V2c1Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V10V4Iainfix <V10ainfix +V2c1Aainfix <V5V10FAainfix <agetV6V11V4Iainfix <=V11V5Aainfix <V1V11FAiainfix <agetV6V12V4ainfix <V13ainfix +V12c1Aainfix <=V1V13Aainfix =agetV14V1V4Aapermut_subV3V14V1ainfix +V2c1Aainfix >=agetV14V15V4Iainfix <V15ainfix +V12c1Aainfix <V13V15FAainfix <agetV14V16V4Iainfix <=V16V13Aainfix <V1V16FIaexchangeV6V14V12V13FAainfix <V13V0Aainfix <=c0V13Aainfix <V12V0Aainfix <=c0V12Iainfix =V13ainfix +V5c1Fainfix <V5ainfix +V12c1Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V17V4Iainfix <V17ainfix +V12c1Aainfix <V5V17FAainfix <agetV6V18V4Iainfix <=V18V5Aainfix <V1V18FAainfix <V12V0Aainfix <=c0V12Iainfix <V5V12Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V19V4Iainfix <V19V12Aainfix <V5V19FAainfix <agetV6V20V4Iainfix <=V20V5Aainfix <V1V20FIainfix <=V12V2Aainfix <=ainfix +V1c1V12FFFAainfix <V1ainfix +V1c1Aainfix <=V1V1Aainfix =agetV3V1V4Aapermut_subV3V3V1ainfix +V2c1Aainfix >=agetV3V21V4Iainfix <V21ainfix +V1c1Aainfix <V1V21FAainfix <agetV3V22V4Iainfix <=V22V1Aainfix <V1V22FIainfix <=ainfix +V1c1V2Aapermut_subV3V25V1ainfix +V2c1Aasorted_subV25V1ainfix +V2c1Iapermut_subV24V25ainfix +V1c1ainfix +V2c1Aasorted_subV25ainfix +V1c1ainfix +V2c1FAainfix <V2V0Aainfix <=c0ainfix +V1c1Aainfix <ainfix -ainfix +c1V2ainfix +V1c1ainfix -ainfix +c1V2V1Aainfix <=c0ainfix -ainfix +c1V2V1Iapermut_subV23V24V1ainfix +ainfix -V1c1c1Aasorted_subV24V1ainfix +ainfix -V1c1c1FAainfix <ainfix -V1c1V0Aainfix <=c0V1Aainfix <ainfix -ainfix +c1ainfix -V1c1V1ainfix -ainfix +c1V2V1Aainfix <=c0ainfix -ainfix +c1V2V1IaexchangeV3V23V1V1FAainfix <V1V0Aainfix <=c0V1Aainfix <V1V0Aainfix <=c0V1Iainfix >ainfix +V1c1V2Aainfix <V1V0Aainfix <=c0V1apermut_subV3V3V1ainfix +V2c1Aasorted_subV3V1ainfix +V2c1Iainfix <V2V0Aainfix <=c0V1FFFF">
     <transf name="split_goal" proved="true" expanded="true">
-     <goal name="WP_parameter quick_rec.1" expl="precondition" sum="afb020494e403a393ab8e90f692bc69b" proved="true" expanded="true">
+     <goal name="WP_parameter quick_rec.1" expl="precondition" sum="0f9df61c1f40d9e8f7abc6e76f723394" proved="true" expanded="false" shape="ainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
       <proof prover="alt-ergo" timelimit="29" edited="" obsolete="false">
-       <result status="valid" time="0.03"/>
+       <result status="valid" time="0.02"/>
       </proof>
      </goal>
-     <goal name="WP_parameter quick_rec.2" expl="precondition" sum="a3181f1907824ed087e006f87be7bd9e" proved="true" expanded="true">
+     <goal name="WP_parameter quick_rec.2" expl="precondition" sum="dd7eac9488e97090f53b847d1752f970" proved="true" expanded="false" shape="LagetV3V1ainfix <V1V0Aainfix <=c0V1Aainfix <V1V0Aainfix <=c0V1Iainfix >ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
       <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
        <result status="valid" time="0.02"/>
       </proof>
      </goal>
-     <goal name="WP_parameter quick_rec.3" expl="precondition" sum="8edc81919941af864219896fecd0637b" proved="true" expanded="true">
+     <goal name="WP_parameter quick_rec.3" expl="precondition" sum="7c9bbf86711a0a5c7b27474c4f5e5e35" proved="true" expanded="false" shape="LagetV3V1ainfix <ainfix -V1c1V0Aainfix <=c0V1Aainfix <ainfix -ainfix +c1ainfix -V1c1V1ainfix -ainfix +c1V2V1Aainfix <=c0ainfix -ainfix +c1V2V1IaexchangeV3V5V1V1FIainfix <V1V0Aainfix <=c0V1Aainfix <V1V0Aainfix <=c0V1Iainfix >ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
       <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-       <result status="valid" time="0.02"/>
+       <result status="valid" time="0.03"/>
       </proof>
      </goal>
-     <goal name="WP_parameter quick_rec.4" expl="precondition" sum="fb0adf4bd54b37761c3cde3fe39f670e" proved="true" expanded="true">
+     <goal name="WP_parameter quick_rec.4" expl="precondition" sum="7ab50fd2e3c933916d838f42a2943c3e" proved="true" expanded="false" shape="LagetV3V1ainfix <V2V0Aainfix <=c0ainfix +V1c1Aainfix <ainfix -ainfix +c1V2ainfix +V1c1ainfix -ainfix +c1V2V1Aainfix <=c0ainfix -ainfix +c1V2V1Iapermut_subV5V6V1ainfix +ainfix -V1c1c1Aasorted_subV6V1ainfix +ainfix -V1c1c1FIainfix <ainfix -V1c1V0Aainfix <=c0V1Aainfix <ainfix -ainfix +c1ainfix -V1c1V1ainfix -ainfix +c1V2V1Aainfix <=c0ainfix -ainfix +c1V2V1IaexchangeV3V5V1V1FIainfix <V1V0Aainfix <=c0V1Aainfix <V1V0Aainfix <=c0V1Iainfix >ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
       <proof prover="alt-ergo" timelimit="29" edited="" obsolete="false">
-       <result status="valid" time="0.02"/>
+       <result status="valid" time="0.00"/>
       </proof>
      </goal>
-     <goal name="WP_parameter quick_rec.5" expl="normal postcondition" sum="baa25029fb0a71d8acaf5f993d04baff" proved="true" expanded="true">
-      <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-       <result status="valid" time="0.03"/>
+     <goal name="WP_parameter quick_rec.5" expl="normal postcondition" sum="99fd4d87696fc6ea27a55c99ab33f3de" proved="true" expanded="false" shape="LagetV3V1apermut_subV3V7V1ainfix +V2c1Aasorted_subV7V1ainfix +V2c1Iapermut_subV6V7ainfix +V1c1ainfix +V2c1Aasorted_subV7ainfix +V1c1ainfix +V2c1FIainfix <V2V0Aainfix <=c0ainfix +V1c1Aainfix <ainfix -ainfix +c1V2ainfix +V1c1ainfix -ainfix +c1V2V1Aainfix <=c0ainfix -ainfix +c1V2V1Iapermut_subV5V6V1ainfix +ainfix -V1c1c1Aasorted_subV6V1ainfix +ainfix -V1c1c1FIainfix <ainfix -V1c1V0Aainfix <=c0V1Aainfix <ainfix -ainfix +c1ainfix -V1c1V1ainfix -ainfix +c1V2V1Aainfix <=c0ainfix -ainfix +c1V2V1IaexchangeV3V5V1V1FIainfix <V1V0Aainfix <=c0V1Aainfix <V1V0Aainfix <=c0V1Iainfix >ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
+      <proof prover="alt-ergo" timelimit="29" edited="" obsolete="false">
+       <result status="valid" time="0.02"/>
       </proof>
      </goal>
-     <goal name="WP_parameter quick_rec.6" expl="for loop initialization" sum="1c4177f71f9cbbbbbfd4115780641e1c" proved="true" expanded="true">
-      <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+     <goal name="WP_parameter quick_rec.6" expl="for loop initialization" sum="a89f782dd5e8aca00cc52dff6dee2ae6" proved="true" expanded="false" shape="LagetV3V1ainfix <V1ainfix +V1c1Aainfix <=V1V1Aainfix =agetV3V1V4Aapermut_subV3V3V1ainfix +V2c1Aainfix >=agetV3V5V4Iainfix <V5ainfix +V1c1Aainfix <V1V5FAainfix <agetV3V6V4Iainfix <=V6V1Aainfix <V1V6FIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
+      <proof prover="alt-ergo" timelimit="29" edited="" obsolete="false">
        <result status="valid" time="0.03"/>
       </proof>
      </goal>
-     <goal name="WP_parameter quick_rec.7" expl="for loop preservation" sum="889feaae94e94c3d8f72805ff307f9e9" proved="true" expanded="true">
+     <goal name="WP_parameter quick_rec.7" expl="for loop preservation" sum="697ac8a50f46fe08d91ebfa701144a95" proved="true" expanded="true" shape="LagetV3V1iainfix <agetV6V7V4ainfix <V8ainfix +V7c1Aainfix <=V1V8Aainfix =agetV9V1V4Aapermut_subV3V9V1ainfix +V2c1Aainfix >=agetV9V10V4Iainfix <V10ainfix +V7c1Aainfix <V8V10FAainfix <agetV9V11V4Iainfix <=V11V8Aainfix <V1V11FIaexchangeV6V9V7V8FAainfix <V8V0Aainfix <=c0V8Aainfix <V7V0Aainfix <=c0V7Iainfix =V8ainfix +V5c1Fainfix <V5ainfix +V7c1Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V12V4Iainfix <V12ainfix +V7c1Aainfix <V5V12FAainfix <agetV6V13V4Iainfix <=V13V5Aainfix <V1V13FAainfix <V7V0Aainfix <=c0V7Iainfix <V5V7Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V14V4Iainfix <V14V7Aainfix <V5V14FAainfix <agetV6V15V4Iainfix <=V15V5Aainfix <V1V15FIainfix <=V7V2Aainfix <=ainfix +V1c1V7FFFIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
       <transf name="split_goal" proved="true" expanded="true">
-       <goal name="WP_parameter quick_rec.7.1" expl="for loop preservation" sum="9c0efe9ed6146211b6f0e90c55ea1c4a" proved="true" expanded="true">
+       <goal name="WP_parameter quick_rec.7.1" expl="for loop preservation" sum="b35cde318ce44c2ac49d082de743295c" proved="true" expanded="false" shape="LagetV3V1ainfix <V7V0Aainfix <=c0V7Iainfix <V5V7Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V8V4Iainfix <V8V7Aainfix <V5V8FAainfix <agetV6V9V4Iainfix <=V9V5Aainfix <V1V9FIainfix <=V7V2Aainfix <=ainfix +V1c1V7FFFIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.03"/>
+         <result status="valid" time="0.04"/>
         </proof>
        </goal>
-       <goal name="WP_parameter quick_rec.7.2" expl="for loop preservation" sum="15a8b476dd7c6f8af9213b9b00a54641" proved="true" expanded="true">
+       <goal name="WP_parameter quick_rec.7.2" expl="for loop preservation" sum="fa5831a6e9dfe64013d4fff4c68e1e28" proved="true" expanded="false" shape="LagetV3V1ainfix <V8V0Aainfix <=c0V8Aainfix <V7V0Aainfix <=c0V7Iainfix =V8ainfix +V5c1FIainfix <agetV6V7V4Iainfix <V7V0Aainfix <=c0V7Iainfix <V5V7Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V9V4Iainfix <V9V7Aainfix <V5V9FAainfix <agetV6V10V4Iainfix <=V10V5Aainfix <V1V10FIainfix <=V7V2Aainfix <=ainfix +V1c1V7FFFIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter quick_rec.7.3" expl="for loop preservation" sum="228d233acd3a7e42d2e375f8e798d716" proved="true" expanded="true">
+       <goal name="WP_parameter quick_rec.7.3" expl="for loop preservation" sum="d1e7aadb8a76517e6581ea273c118cf1" proved="true" expanded="false" shape="LagetV3V1ainfix <agetV9V10V4Iainfix <=V10V8Aainfix <V1V10FIaexchangeV6V9V7V8FIainfix <V8V0Aainfix <=c0V8Aainfix <V7V0Aainfix <=c0V7Iainfix =V8ainfix +V5c1FIainfix <agetV6V7V4Iainfix <V7V0Aainfix <=c0V7Iainfix <V5V7Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V11V4Iainfix <V11V7Aainfix <V5V11FAainfix <agetV6V12V4Iainfix <=V12V5Aainfix <V1V12FIainfix <=V7V2Aainfix <=ainfix +V1c1V7FFFIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.04"/>
+         <result status="valid" time="0.06"/>
         </proof>
        </goal>
-       <goal name="WP_parameter quick_rec.7.4" expl="for loop preservation" sum="87f84d18958588ba63f323710cd9d25a" proved="true" expanded="true">
+       <goal name="WP_parameter quick_rec.7.4" expl="for loop preservation" sum="63d62511b63ec5b244313c9cd9c96e66" proved="true" expanded="false" shape="LagetV3V1ainfix >=agetV9V10V4Iainfix <V10ainfix +V7c1Aainfix <V8V10FIaexchangeV6V9V7V8FIainfix <V8V0Aainfix <=c0V8Aainfix <V7V0Aainfix <=c0V7Iainfix =V8ainfix +V5c1FIainfix <agetV6V7V4Iainfix <V7V0Aainfix <=c0V7Iainfix <V5V7Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V11V4Iainfix <V11V7Aainfix <V5V11FAainfix <agetV6V12V4Iainfix <=V12V5Aainfix <V1V12FIainfix <=V7V2Aainfix <=ainfix +V1c1V7FFFIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.06"/>
+         <result status="valid" time="0.05"/>
         </proof>
        </goal>
-       <goal name="WP_parameter quick_rec.7.5" expl="for loop preservation" sum="26d5fa5d233855efc8b3da64ecea09d1" proved="true" expanded="true">
-        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.38"/>
+       <goal name="WP_parameter quick_rec.7.5" expl="for loop preservation" sum="b653f0d6eec25492e7c9539261aa9653" proved="true" expanded="true" shape="LagetV3V1apermut_subV3V9V1ainfix +V2c1IaexchangeV6V9V7V8FIainfix <V8V0Aainfix <=c0V8Aainfix <V7V0Aainfix <=c0V7Iainfix =V8ainfix +V5c1FIainfix <agetV6V7V4Iainfix <V7V0Aainfix <=c0V7Iainfix <V5V7Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V10V4Iainfix <V10V7Aainfix <V5V10FAainfix <agetV6V11V4Iainfix <=V11V5Aainfix <V1V11FIainfix <=V7V2Aainfix <=ainfix +V1c1V7FFFIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
+        <proof prover="coq" timelimit="10" edited="quicksort_WP_Quicksort_WP_parameter_quick_rec_1.v" obsolete="false">
+         <result status="valid" time="0.54"/>
         </proof>
        </goal>
-       <goal name="WP_parameter quick_rec.7.6" expl="for loop preservation" sum="1e708347df6438df8c3fa3628f6ebdec" proved="true" expanded="true">
+       <goal name="WP_parameter quick_rec.7.6" expl="for loop preservation" sum="ca92753d87ff833568ebacba3be0bb5e" proved="true" expanded="false" shape="LagetV3V1ainfix =agetV9V1V4IaexchangeV6V9V7V8FIainfix <V8V0Aainfix <=c0V8Aainfix <V7V0Aainfix <=c0V7Iainfix =V8ainfix +V5c1FIainfix <agetV6V7V4Iainfix <V7V0Aainfix <=c0V7Iainfix <V5V7Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V10V4Iainfix <V10V7Aainfix <V5V10FAainfix <agetV6V11V4Iainfix <=V11V5Aainfix <V1V11FIainfix <=V7V2Aainfix <=ainfix +V1c1V7FFFIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.03"/>
+         <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter quick_rec.7.7" expl="for loop preservation" sum="c1cae61d1f69fc8fb8ea60c2d075a36d" proved="true" expanded="true">
+       <goal name="WP_parameter quick_rec.7.7" expl="for loop preservation" sum="10a1271abf74dcaab5eb8d11a70f8e37" proved="true" expanded="false" shape="LagetV3V1ainfix <=V1V8IaexchangeV6V9V7V8FIainfix <V8V0Aainfix <=c0V8Aainfix <V7V0Aainfix <=c0V7Iainfix =V8ainfix +V5c1FIainfix <agetV6V7V4Iainfix <V7V0Aainfix <=c0V7Iainfix <V5V7Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V10V4Iainfix <V10V7Aainfix <V5V10FAainfix <agetV6V11V4Iainfix <=V11V5Aainfix <V1V11FIainfix <=V7V2Aainfix <=ainfix +V1c1V7FFFIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter quick_rec.7.8" expl="for loop preservation" sum="524f8413f2d8a9de2bd6a6ad2c4a088e" proved="true" expanded="true">
+       <goal name="WP_parameter quick_rec.7.8" expl="for loop preservation" sum="0cb70eab5f85e561889e65653783e430" proved="true" expanded="false" shape="LagetV3V1ainfix <V8ainfix +V7c1IaexchangeV6V9V7V8FIainfix <V8V0Aainfix <=c0V8Aainfix <V7V0Aainfix <=c0V7Iainfix =V8ainfix +V5c1FIainfix <agetV6V7V4Iainfix <V7V0Aainfix <=c0V7Iainfix <V5V7Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V10V4Iainfix <V10V7Aainfix <V5V10FAainfix <agetV6V11V4Iainfix <=V11V5Aainfix <V1V11FIainfix <=V7V2Aainfix <=ainfix +V1c1V7FFFIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.02"/>
+         <result status="valid" time="0.03"/>
         </proof>
        </goal>
-       <goal name="WP_parameter quick_rec.7.9" expl="for loop preservation" sum="0b64cd1805d7a57e8bff8751f2baf675" proved="true" expanded="true">
+       <goal name="WP_parameter quick_rec.7.9" expl="for loop preservation" sum="1b8935516af22da5a5c499e5d7f43c32" proved="true" expanded="false" shape="LagetV3V1ainfix <agetV6V8V4Iainfix <=V8V5Aainfix <V1V8FIainfix <agetV6V7V4NIainfix <V7V0Aainfix <=c0V7Iainfix <V5V7Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V9V4Iainfix <V9V7Aainfix <V5V9FAainfix <agetV6V10V4Iainfix <=V10V5Aainfix <V1V10FIainfix <=V7V2Aainfix <=ainfix +V1c1V7FFFIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.02"/>
+         <result status="valid" time="0.04"/>
         </proof>
        </goal>
-       <goal name="WP_parameter quick_rec.7.10" expl="for loop preservation" sum="497463ab5695da47ad41c0201d93fbb4" proved="true" expanded="true">
+       <goal name="WP_parameter quick_rec.7.10" expl="for loop preservation" sum="630205ef5434537e3e27ea38b2fa2eb6" proved="true" expanded="false" shape="LagetV3V1ainfix >=agetV6V8V4Iainfix <V8ainfix +V7c1Aainfix <V5V8FIainfix <agetV6V7V4NIainfix <V7V0Aainfix <=c0V7Iainfix <V5V7Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V9V4Iainfix <V9V7Aainfix <V5V9FAainfix <agetV6V10V4Iainfix <=V10V5Aainfix <V1V10FIainfix <=V7V2Aainfix <=ainfix +V1c1V7FFFIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.03"/>
+         <result status="valid" time="0.04"/>
         </proof>
        </goal>
-       <goal name="WP_parameter quick_rec.7.11" expl="for loop preservation" sum="2e8721d1670e2d8ec7740d91c87a9e61" proved="true" expanded="true">
+       <goal name="WP_parameter quick_rec.7.11" expl="for loop preservation" sum="8b6bb807990b92de6773386d9ae4a548" proved="true" expanded="false" shape="LagetV3V1apermut_subV3V6V1ainfix +V2c1Iainfix <agetV6V7V4NIainfix <V7V0Aainfix <=c0V7Iainfix <V5V7Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V8V4Iainfix <V8V7Aainfix <V5V8FAainfix <agetV6V9V4Iainfix <=V9V5Aainfix <V1V9FIainfix <=V7V2Aainfix <=ainfix +V1c1V7FFFIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.02"/>
+         <result status="valid" time="0.04"/>
         </proof>
        </goal>
-       <goal name="WP_parameter quick_rec.7.12" expl="for loop preservation" sum="bbf98e9044079713e7ab2698e11485bd" proved="true" expanded="true">
+       <goal name="WP_parameter quick_rec.7.12" expl="for loop preservation" sum="64157676dc85739b66d0dbc99bad64d9" proved="true" expanded="false" shape="LagetV3V1ainfix =agetV6V1V4Iainfix <agetV6V7V4NIainfix <V7V0Aainfix <=c0V7Iainfix <V5V7Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V8V4Iainfix <V8V7Aainfix <V5V8FAainfix <agetV6V9V4Iainfix <=V9V5Aainfix <V1V9FIainfix <=V7V2Aainfix <=ainfix +V1c1V7FFFIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter quick_rec.7.13" expl="for loop preservation" sum="72626c63afff611555f9e512efa1f1fc" proved="true" expanded="true">
+       <goal name="WP_parameter quick_rec.7.13" expl="for loop preservation" sum="2c9cbdca98f1cb2bfe8b8ee7e2aa72c8" proved="true" expanded="false" shape="LagetV3V1ainfix <=V1V5Iainfix <agetV6V7V4NIainfix <V7V0Aainfix <=c0V7Iainfix <V5V7Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V8V4Iainfix <V8V7Aainfix <V5V8FAainfix <agetV6V9V4Iainfix <=V9V5Aainfix <V1V9FIainfix <=V7V2Aainfix <=ainfix +V1c1V7FFFIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.02"/>
+         <result status="valid" time="0.03"/>
         </proof>
        </goal>
-       <goal name="WP_parameter quick_rec.7.14" expl="for loop preservation" sum="d5eb94ee88f2a6582d26d227213096b3" proved="true" expanded="true">
+       <goal name="WP_parameter quick_rec.7.14" expl="for loop preservation" sum="05ec95bf1e4b3b4e9d071c89d0cd529e" proved="true" expanded="false" shape="LagetV3V1ainfix <V5ainfix +V7c1Iainfix <agetV6V7V4NIainfix <V7V0Aainfix <=c0V7Iainfix <V5V7Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V8V4Iainfix <V8V7Aainfix <V5V8FAainfix <agetV6V9V4Iainfix <=V9V5Aainfix <V1V9FIainfix <=V7V2Aainfix <=ainfix +V1c1V7FFFIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.03"/>
         </proof>
        </goal>
       </transf>
      </goal>
-     <goal name="WP_parameter quick_rec.8" expl="precondition" sum="33039b31c9c6180ab52eaf5492f2bc01" proved="true" expanded="true">
-      <proof prover="alt-ergo" timelimit="29" edited="" obsolete="false">
-       <result status="valid" time="0.02"/>
-      </proof>
-     </goal>
-     <goal name="WP_parameter quick_rec.9" expl="precondition" sum="64b33af689e246d177effa0b1855ce6c" proved="true" expanded="true">
-      <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-       <result status="valid" time="0.04"/>
-      </proof>
-     </goal>
-     <goal name="WP_parameter quick_rec.10" expl="precondition" sum="ff22ded78eff20d1cfa55d773763a9d5" proved="true" expanded="true">
-      <transf name="split_goal" proved="true" expanded="true">
-       <goal name="WP_parameter quick_rec.10.1" expl="correctness of parameter quick_rec" sum="377daa4ea73659b14aa5f353a807b1cb" proved="true" expanded="true">
+     <goal name="WP_parameter quick_rec.8" expl="precondition" sum="e96d845a35788b3b6443cbe313b78fc2" proved="true" expanded="false" shape="LagetV3V1ainfix <V5V0Aainfix <=c0V5Aainfix <V1V0Aainfix <=c0V1Iainfix <V5ainfix +V2c1Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V7V4Iainfix <V7ainfix +V2c1Aainfix <V5V7FAainfix <agetV6V8V4Iainfix <=V8V5Aainfix <V1V8FFFIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
+      <transf name="split_goal" proved="true" expanded="false">
+       <goal name="WP_parameter quick_rec.8.1" expl="correctness of parameter quick_rec" sum="24e09f8774a52d2df256e7934bdf5f19" proved="true" expanded="false" shape="LagetV3V1ainfix <=c0V1Iainfix <V5ainfix +V2c1Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V7V4Iainfix <V7ainfix +V2c1Aainfix <V5V7FAainfix <agetV6V8V4Iainfix <=V8V5Aainfix <V1V8FFFIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.02"/>
+         <result status="valid" time="0.04"/>
         </proof>
        </goal>
-       <goal name="WP_parameter quick_rec.10.2" expl="correctness of parameter quick_rec" sum="89ea54e07fd5f22cfcb869807c6ccb81" proved="true" expanded="true">
+       <goal name="WP_parameter quick_rec.8.2" expl="correctness of parameter quick_rec" sum="1d78a74bc4b911e6b61c63ba5ac4088e" proved="true" expanded="false" shape="LagetV3V1ainfix <V1V0Iainfix <V5ainfix +V2c1Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V7V4Iainfix <V7ainfix +V2c1Aainfix <V5V7FAainfix <agetV6V8V4Iainfix <=V8V5Aainfix <V1V8FFFIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.02"/>
+         <result status="valid" time="0.03"/>
         </proof>
        </goal>
-       <goal name="WP_parameter quick_rec.10.3" expl="correctness of parameter quick_rec" sum="ce9047573188eebeffdf2a00a09c300c" proved="true" expanded="true">
+       <goal name="WP_parameter quick_rec.8.3" expl="correctness of parameter quick_rec" sum="5e7f8ca7764ecceaa5b16694e0615a9a" proved="true" expanded="false" shape="LagetV3V1ainfix <=c0V5Iainfix <V5ainfix +V2c1Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V7V4Iainfix <V7ainfix +V2c1Aainfix <V5V7FAainfix <agetV6V8V4Iainfix <=V8V5Aainfix <V1V8FFFIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter quick_rec.10.4" expl="correctness of parameter quick_rec" sum="c13522eaa1a26354dd7afb46681cc4e8" proved="true" expanded="true">
+       <goal name="WP_parameter quick_rec.8.4" expl="correctness of parameter quick_rec" sum="0549bef83cbef5bdf672eee03cf401ec" proved="true" expanded="false" shape="LagetV3V1ainfix <V5V0Iainfix <V5ainfix +V2c1Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V7V4Iainfix <V7ainfix +V2c1Aainfix <V5V7FAainfix <agetV6V8V4Iainfix <=V8V5Aainfix <V1V8FFFIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.03"/>
         </proof>
        </goal>
       </transf>
      </goal>
-     <goal name="WP_parameter quick_rec.11" expl="normal postcondition" sum="b47967b1a93e79f9a9584d7fb171ba01" proved="true" expanded="true">
-      <proof prover="coq" timelimit="10" edited="quicksort_WP_Quicksort_WP_parameter_quick_rec_2.v" obsolete="false">
-       <result status="valid" time="2.27"/>
-      </proof>
-     </goal>
-     <goal name="WP_parameter quick_rec.12" expl="normal postcondition" sum="34d47e5d2d59419520785959c4866c68" proved="true" expanded="true">
-      <proof prover="alt-ergo" timelimit="29" edited="" obsolete="false">
+     <goal name="WP_parameter quick_rec.9" expl="precondition" sum="8980c24253ed4aa317cad1969c2eed40" proved="true" expanded="false" shape="LagetV3V1ainfix <ainfix -V5c1V0Aainfix <=c0V1Aainfix <ainfix -ainfix +c1ainfix -V5c1V1ainfix -ainfix +c1V2V1Aainfix <=c0ainfix -ainfix +c1V2V1IaexchangeV6V7V1V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V1V0Aainfix <=c0V1Iainfix <V5ainfix +V2c1Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V8V4Iainfix <V8ainfix +V2c1Aainfix <V5V8FAainfix <agetV6V9V4Iainfix <=V9V5Aainfix <V1V9FFFIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
+      <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
        <result status="valid" time="0.04"/>
       </proof>
      </goal>
-    </transf>
-   </goal>
-   <goal name="WP_parameter quicksort" expl="correctness of parameter quicksort" sum="f4bb2417ab497ffde7f96bb0a1dd4587" proved="true" expanded="true">
-    <transf name="split_goal" proved="true" expanded="true">
-     <goal name="WP_parameter quicksort.1" expl="precondition" sum="4da62dee020a36946666099e79806868" proved="true" expanded="true">
+     <goal name="WP_parameter quick_rec.10" expl="precondition" sum="adc9f5d7f027684a6a6a3921a969df9f" proved="true" expanded="false" shape="LagetV3V1ainfix <V2V0Aainfix <=c0ainfix +V5c1Aainfix <ainfix -ainfix +c1V2ainfix +V5c1ainfix -ainfix +c1V2V1Aainfix <=c0ainfix -ainfix +c1V2V1Iapermut_subV7V8V1ainfix +ainfix -V5c1c1Aasorted_subV8V1ainfix +ainfix -V5c1c1FIainfix <ainfix -V5c1V0Aainfix <=c0V1Aainfix <ainfix -ainfix +c1ainfix -V5c1V1ainfix -ainfix +c1V2V1Aainfix <=c0ainfix -ainfix +c1V2V1IaexchangeV6V7V1V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V1V0Aainfix <=c0V1Iainfix <V5ainfix +V2c1Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V9V4Iainfix <V9ainfix +V2c1Aainfix <V5V9FAainfix <agetV6V10V4Iainfix <=V10V5Aainfix <V1V10FFFIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
       <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
        <result status="valid" time="0.02"/>
       </proof>
      </goal>
-     <goal name="WP_parameter quicksort.2" expl="normal postcondition" sum="e3ed7aa7c2a41c52acb920e4e3a3d9f0" proved="true" expanded="true">
+     <goal name="WP_parameter quick_rec.11" expl="normal postcondition" sum="e6154b80bd80419ed406b8f61a9c9902" proved="true" expanded="false" shape="LagetV3V1apermut_subV3V9V1ainfix +V2c1Aasorted_subV9V1ainfix +V2c1Iapermut_subV8V9ainfix +V5c1ainfix +V2c1Aasorted_subV9ainfix +V5c1ainfix +V2c1FIainfix <V2V0Aainfix <=c0ainfix +V5c1Aainfix <ainfix -ainfix +c1V2ainfix +V5c1ainfix -ainfix +c1V2V1Aainfix <=c0ainfix -ainfix +c1V2V1Iapermut_subV7V8V1ainfix +ainfix -V5c1c1Aasorted_subV8V1ainfix +ainfix -V5c1c1FIainfix <ainfix -V5c1V0Aainfix <=c0V1Aainfix <ainfix -ainfix +c1ainfix -V5c1V1ainfix -ainfix +c1V2V1Aainfix <=c0ainfix -ainfix +c1V2V1IaexchangeV6V7V1V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V1V0Aainfix <=c0V1Iainfix <V5ainfix +V2c1Aainfix <=V1V5Aainfix =agetV6V1V4Aapermut_subV3V6V1ainfix +V2c1Aainfix >=agetV6V10V4Iainfix <V10ainfix +V2c1Aainfix <V5V10FAainfix <agetV6V11V4Iainfix <=V11V5Aainfix <V1V11FFFIainfix <=ainfix +V1c1V2Iainfix <V1V0Aainfix <=c0V1Iainfix <V1V2Iainfix <V2V0Aainfix <=c0V1FFFF">
+      <proof prover="coq" timelimit="10" edited="quicksort_WP_Quicksort_WP_parameter_quick_rec_2.v" obsolete="false">
+       <result status="valid" time="1.71"/>
+      </proof>
+     </goal>
+     <goal name="WP_parameter quick_rec.12" expl="normal postcondition" sum="37e1d15c448a3d2bae91e1874ae68230" proved="true" expanded="false" shape="apermut_subV3V3V1ainfix +V2c1Aasorted_subV3V1ainfix +V2c1Iainfix <V1V2NIainfix <V2V0Aainfix <=c0V1FFFF">
+      <transf name="split_goal" proved="true" expanded="false">
+       <goal name="WP_parameter quick_rec.12.1" expl="correctness of parameter quick_rec" sum="1a0cf4a00020ec5d8455beffe62044de" proved="true" expanded="false" shape="asorted_subV3V1ainfix +V2c1Iainfix <V1V2NIainfix <V2V0Aainfix <=c0V1FFFF">
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.02"/>
+        </proof>
+       </goal>
+       <goal name="WP_parameter quick_rec.12.2" expl="correctness of parameter quick_rec" sum="943ebf963012a1907d451a3ca158fc15" proved="true" expanded="false" shape="apermut_subV3V3V1ainfix +V2c1Iainfix <V1V2NIainfix <V2V0Aainfix <=c0V1FFFF">
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.01"/>
+        </proof>
+       </goal>
+      </transf>
+     </goal>
+    </transf>
+   </goal>
+   <goal name="WP_parameter quicksort" expl="correctness of parameter quicksort" sum="2eaa2b411eb9f7fd8130151605e5f0fe" proved="true" expanded="false" shape="Lamk arrayV0V2apermutamk arrayV0V1V3AasortedV3Iapermut_subV1V2c0ainfix +ainfix -V0c1c1Aasorted_subV2c0ainfix +ainfix -V0c1c1FAainfix <ainfix -V0c1V0Aainfix <=c0c0FF">
+    <transf name="split_goal" proved="true" expanded="false">
+     <goal name="WP_parameter quicksort.1" expl="precondition" sum="5d36e3c8102d1af83189d3077dd851cd" proved="true" expanded="false" shape="ainfix <ainfix -V0c1V0Aainfix <=c0c0FF">
       <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
        <result status="valid" time="0.03"/>
       </proof>
       <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-       <result status="valid" time="0.06"/>
+       <result status="valid" time="0.01"/>
       </proof>
       <proof prover="z3" timelimit="10" edited="" obsolete="false">
-       <result status="valid" time="0.06"/>
+       <result status="valid" time="0.01"/>
+      </proof>
+     </goal>
+     <goal name="WP_parameter quicksort.2" expl="normal postcondition" sum="1144dbf9fb53615cb4cb5997d08baab1" proved="true" expanded="false" shape="Lamk arrayV0V2apermutamk arrayV0V1V3AasortedV3Iapermut_subV1V2c0ainfix +ainfix -V0c1c1Aasorted_subV2c0ainfix +ainfix -V0c1c1FIainfix <ainfix -V0c1V0Aainfix <=c0c0FF">
+      <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+       <result status="valid" time="0.10"/>
       </proof>
      </goal>
     </transf>
diff --git a/examples/programs/selection_sort.mlw b/examples/programs/selection_sort.mlw
index 587cde8a6e3bdc7eae9c76043f72998a0e0d015b..3011696a917ad446a04e797a9d06e1541e56ba6d 100644
--- a/examples/programs/selection_sort.mlw
+++ b/examples/programs/selection_sort.mlw
@@ -15,7 +15,7 @@ module SelectionSort
     let v = a[i] in
     a[i] <- a[j];
     a[j] <- v
-    { exchange a (old a) i j }
+    { exchange (old a) a i j }
 
   let selection_sort (a: array int) =
     { }
@@ -23,7 +23,7 @@ module SelectionSort
     for i = 0 to length a - 1 do
       (* a[0..i[ is sorted; now find minimum of a[i..n[ *)
       invariant
-        { sorted_sub a 0 i /\ permut a (at a 'L) /\
+        { sorted_sub a 0 i /\ permut (at a 'L) a /\
           forall k1 k2: int. 0 <= k1 < i <= k2 < length a -> a[k1] <= a[k2] }
       let min = ref i in
       for j = i + 1 to length a - 1 do
@@ -33,9 +33,9 @@ module SelectionSort
       done;
 'L1:
       if !min <> i then swap a !min i;
-      assert { permut a (at a 'L1) }
+      assert { permut (at a 'L1) a }
     done
-    { sorted a /\ permut a (old a) }
+    { sorted a /\ permut (old a) a }
 
 end
 
diff --git a/examples/programs/selection_sort/selection_sort_WP_SelectionSort_WP_parameter_selection_sort_1.v b/examples/programs/selection_sort/selection_sort_WP_SelectionSort_WP_parameter_selection_sort_1.v
new file mode 100644
index 0000000000000000000000000000000000000000..619278b6fc14fb9e1cba23d701d43ad8eb6667e4
--- /dev/null
+++ b/examples/programs/selection_sort/selection_sort_WP_SelectionSort_WP_parameter_selection_sort_1.v
@@ -0,0 +1,189 @@
+(* This file is generated by Why3's Coq driver *)
+(* Beware! Only edit allowed sections below    *)
+Require Import ZArith.
+Require Import Rbase.
+Definition unit  := unit.
+
+Parameter mark : Type.
+
+Parameter at1: forall (a:Type), a -> mark -> a.
+
+Implicit Arguments at1.
+
+Parameter old: forall (a:Type), a -> a.
+
+Implicit Arguments old.
+
+Inductive ref (a:Type) :=
+  | mk_ref : a -> ref a.
+Implicit Arguments mk_ref.
+
+Definition contents (a:Type)(u:(ref a)): a :=
+  match u with
+  | mk_ref contents1 => contents1
+  end.
+Implicit Arguments contents.
+
+Parameter map : forall (a:Type) (b:Type), Type.
+
+Parameter get: forall (a:Type) (b:Type), (map a b) -> a -> b.
+
+Implicit Arguments get.
+
+Parameter set: forall (a:Type) (b:Type), (map a b) -> a -> b -> (map a b).
+
+Implicit Arguments set.
+
+Axiom Select_eq : forall (a:Type) (b:Type), forall (m:(map a b)),
+  forall (a1:a) (a2:a), forall (b1:b), (a1 = a2) -> ((get (set m a1 b1)
+  a2) = b1).
+
+Axiom Select_neq : forall (a:Type) (b:Type), forall (m:(map a b)),
+  forall (a1:a) (a2:a), forall (b1:b), (~ (a1 = a2)) -> ((get (set m a1 b1)
+  a2) = (get m a2)).
+
+Parameter const: forall (b:Type) (a:Type), b -> (map a b).
+
+Set Contextual Implicit.
+Implicit Arguments const.
+Unset Contextual Implicit.
+
+Axiom Const : forall (b:Type) (a:Type), forall (b1:b) (a1:a), ((get (const(
+  b1):(map a b)) a1) = b1).
+
+Inductive array (a:Type) :=
+  | mk_array : Z -> (map Z a) -> array a.
+Implicit Arguments mk_array.
+
+Definition elts (a:Type)(u:(array a)): (map Z a) :=
+  match u with
+  | mk_array _ elts1 => elts1
+  end.
+Implicit Arguments elts.
+
+Definition length (a:Type)(u:(array a)): Z :=
+  match u with
+  | mk_array length1 _ => length1
+  end.
+Implicit Arguments length.
+
+Definition get1 (a:Type)(a1:(array a)) (i:Z): a := (get (elts a1) i).
+Implicit Arguments get1.
+
+Definition set1 (a:Type)(a1:(array a)) (i:Z) (v:a): (array a) :=
+  match a1 with
+  | mk_array xcl0 _ => (mk_array xcl0 (set (elts a1) i v))
+  end.
+Implicit Arguments set1.
+
+Definition sorted_sub(a:(map Z Z)) (l:Z) (u:Z): Prop := forall (i1:Z) (i2:Z),
+  (((l <= i1)%Z /\ (i1 <= i2)%Z) /\ (i2 <  u)%Z) -> ((get a i1) <= (get a
+  i2))%Z.
+
+Definition sorted_sub1(a:(array Z)) (l:Z) (u:Z): Prop := (sorted_sub (elts a)
+  l u).
+
+Definition sorted(a:(array Z)): Prop := (sorted_sub (elts a) 0%Z (length a)).
+
+Definition map_eq_sub (a:Type)(a1:(map Z a)) (a2:(map Z a)) (l:Z)
+  (u:Z): Prop := forall (i:Z), ((l <= i)%Z /\ (i <  u)%Z) -> ((get a1
+  i) = (get a2 i)).
+Implicit Arguments map_eq_sub.
+
+Definition exchange (a:Type)(a1:(map Z a)) (a2:(map Z a)) (i:Z)
+  (j:Z): Prop := ((get a1 i) = (get a2 j)) /\ (((get a2 i) = (get a1 j)) /\
+  forall (k:Z), ((~ (k = i)) /\ ~ (k = j)) -> ((get a1 k) = (get a2 k))).
+Implicit Arguments exchange.
+
+Axiom exchange_set : forall (a:Type), forall (a1:(map Z a)), forall (i:Z)
+  (j:Z), (exchange a1 (set (set a1 i (get a1 j)) j (get a1 i)) i j).
+
+Inductive permut_sub{a:Type}  : (map Z a) -> (map Z a) -> Z -> Z -> Prop :=
+  | permut_refl : forall (a1:(map Z a)) (a2:(map Z a)), forall (l:Z) (u:Z),
+      (map_eq_sub a1 a2 l u) -> (permut_sub a1 a2 l u)
+  | permut_sym : forall (a1:(map Z a)) (a2:(map Z a)), forall (l:Z) (u:Z),
+      (permut_sub a1 a2 l u) -> (permut_sub a2 a1 l u)
+  | permut_trans : forall (a1:(map Z a)) (a2:(map Z a)) (a3:(map Z a)),
+      forall (l:Z) (u:Z), (permut_sub a1 a2 l u) -> ((permut_sub a2 a3 l
+      u) -> (permut_sub a1 a3 l u))
+  | permut_exchange : forall (a1:(map Z a)) (a2:(map Z a)), forall (l:Z)
+      (u:Z) (i:Z) (j:Z), ((l <= i)%Z /\ (i <  u)%Z) -> (((l <= j)%Z /\
+      (j <  u)%Z) -> ((exchange a1 a2 i j) -> (permut_sub a1 a2 l u))).
+Implicit Arguments permut_sub.
+
+Axiom permut_weakening : forall (a:Type), forall (a1:(map Z a)) (a2:(map Z
+  a)), forall (l1:Z) (r1:Z) (l2:Z) (r2:Z), (((l1 <= l2)%Z /\ (l2 <= r2)%Z) /\
+  (r2 <= r1)%Z) -> ((permut_sub a1 a2 l2 r2) -> (permut_sub a1 a2 l1 r1)).
+
+Axiom permut_eq : forall (a:Type), forall (a1:(map Z a)) (a2:(map Z a)),
+  forall (l:Z) (u:Z), (permut_sub a1 a2 l u) -> forall (i:Z), ((i <  l)%Z \/
+  (u <= i)%Z) -> ((get a2 i) = (get a1 i)).
+
+Axiom permut_exists : forall (a:Type), forall (a1:(map Z a)) (a2:(map Z a)),
+  forall (l:Z) (u:Z), (permut_sub a1 a2 l u) -> forall (i:Z), ((l <= i)%Z /\
+  (i <  u)%Z) -> exists j:Z, ((l <= j)%Z /\ (j <  u)%Z) /\ ((get a2
+  i) = (get a1 j)).
+
+Definition exchange1 (a:Type)(a1:(array a)) (a2:(array a)) (i:Z)
+  (j:Z): Prop := (exchange (elts a1) (elts a2) i j).
+Implicit Arguments exchange1.
+
+Definition permut_sub1 (a:Type)(a1:(array a)) (a2:(array a)) (l:Z)
+  (u:Z): Prop := (permut_sub (elts a1) (elts a2) l u).
+Implicit Arguments permut_sub1.
+
+Definition permut (a:Type)(a1:(array a)) (a2:(array a)): Prop :=
+  ((length a1) = (length a2)) /\ (permut_sub (elts a1) (elts a2) 0%Z
+  (length a1)).
+Implicit Arguments permut.
+
+Axiom exchange_permut : forall (a:Type), forall (a1:(array a)) (a2:(array a))
+  (i:Z) (j:Z), (exchange1 a1 a2 i j) -> (((length a1) = (length a2)) ->
+  (((0%Z <= i)%Z /\ (i <  (length a1))%Z) -> (((0%Z <= j)%Z /\
+  (j <  (length a1))%Z) -> (permut a1 a2)))).
+
+Axiom permut_refl1 : forall (a:Type), forall (a1:(array a)), (permut a1 a1).
+
+Axiom permut_sym1 : forall (a:Type), forall (a1:(array a)) (a2:(array a)),
+  (permut a1 a2) -> (permut a2 a1).
+
+Axiom permut_trans1 : forall (a:Type), forall (a1:(array a)) (a2:(array a))
+  (a3:(array a)), (permut a1 a2) -> ((permut a2 a3) -> (permut a1 a3)).
+
+Definition array_eq_sub (a:Type)(a1:(array a)) (a2:(array a)) (l:Z)
+  (u:Z): Prop := (map_eq_sub (elts a1) (elts a2) l u).
+Implicit Arguments array_eq_sub.
+
+Definition array_eq (a:Type)(a1:(array a)) (a2:(array a)): Prop :=
+  ((length a1) = (length a2)) /\ (array_eq_sub a1 a2 0%Z (length a1)).
+Implicit Arguments array_eq.
+
+Axiom array_eq_sub_permut : forall (a:Type), forall (a1:(array a)) (a2:(array
+  a)) (l:Z) (u:Z), (array_eq_sub a1 a2 l u) -> (permut_sub1 a1 a2 l u).
+
+Axiom array_eq_permut : forall (a:Type), forall (a1:(array a)) (a2:(array
+  a)), (array_eq a1 a2) -> (permut a1 a2).
+
+(* YOU MAY EDIT THE CONTEXT BELOW *)
+
+(* DO NOT EDIT BELOW *)
+
+Theorem WP_parameter_selection_sort : forall (a:Z), forall (a1:(map Z Z)),
+  (0%Z <= (a - 1%Z)%Z)%Z -> forall (a2:(map Z Z)), let a3 := (mk_array a
+  a2) in forall (i:Z), ((0%Z <= i)%Z /\ (i <= (a - 1%Z)%Z)%Z) ->
+  (((sorted_sub a2 0%Z i) /\ ((permut (mk_array a a1) a3) /\ forall (k1:Z)
+  (k2:Z), ((((0%Z <= k1)%Z /\ (k1 <  i)%Z) /\ (i <= k2)%Z) /\ (k2 <  a)%Z) ->
+  ((get a2 k1) <= (get a2 k2))%Z)) -> (((i + 1%Z)%Z <= (a - 1%Z)%Z)%Z ->
+  forall (min:Z), (((i <= min)%Z /\ (min <  ((a - 1%Z)%Z + 1%Z)%Z)%Z) /\
+  forall (k:Z), ((i <= k)%Z /\ (k <  ((a - 1%Z)%Z + 1%Z)%Z)%Z) -> ((get a2
+  min) <= (get a2 k))%Z) -> ((~ (min = i)) -> ((((0%Z <= min)%Z /\
+  (min <  a)%Z) /\ ((0%Z <= i)%Z /\ (i <  a)%Z)) -> forall (a4:(map Z Z)),
+  (exchange a2 a4 min i) -> (permut a3 (mk_array a a4)))))).
+(* YOU MAY EDIT THE PROOF BELOW *)
+intuition.
+intuition.
+apply exchange_permut with min i; auto.
+Qed.
+(* DO NOT EDIT BELOW *)
+
+
diff --git a/examples/programs/selection_sort/why3session.xml b/examples/programs/selection_sort/why3session.xml
index 690b1bcbc6ff0c33566ffb1759af837e3d8a3bde..e70a2131dc9cdb0ad5830a64339e63f049bab66d 100644
--- a/examples/programs/selection_sort/why3session.xml
+++ b/examples/programs/selection_sort/why3session.xml
@@ -1,132 +1,140 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE why3session SYSTEM "why3session.dtd">
 <why3session name="examples/programs/selection_sort/why3session.xml">
+ <prover id="alt-ergo" name="Alt-Ergo" version="0.93"/>
+ <prover id="coq" name="Coq" version="8.2pl1"/>
+ <prover id="cvc3" name="CVC3" version="2.2"/>
+ <prover id="eprover" name="Eprover" version="0.7 Dhajea"/>
+ <prover id="gappa" name="Gappa" version="0.14.0"/>
+ <prover id="simplify" name="Simplify" version="1.5.4"/>
+ <prover id="yices" name="Yices" version="1.0.13"/>
+ <prover id="z3" name="Z3" version="2.13"/>
  <file name="../selection_sort.mlw" verified="true" expanded="true">
   <theory name="WP SelectionSort" verified="true" expanded="true">
-   <goal name="WP_parameter swap" expl="correctness of parameter swap" sum="228748179ff91d7d4907ff8d193c120f" proved="true" expanded="true">
+   <goal name="WP_parameter swap" expl="correctness of parameter swap" sum="6c121f7f92f566ccd7b131abf46e9b3d" proved="true" expanded="true" shape="aexchangeV3V5V1V2Iainfix =V5asetV4V2agetV3V1FAainfix <V2V0Aainfix <=c0V2Iainfix =V4asetV3V1agetV3V2FAainfix <V1V0Aainfix <=c0V1Aainfix <V2V0Aainfix <=c0V2Aainfix <V1V0Aainfix <=c0V1Iainfix <V2V0Aainfix <=c0V2Aainfix <V1V0Aainfix <=c0V1FFFF">
     <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-     <result status="valid" time="0.03"/>
+     <result status="valid" time="0.02"/>
     </proof>
    </goal>
-   <goal name="WP_parameter selection_sort" expl="correctness of parameter selection_sort" sum="3106a444f67b92223abfee7626b7824d" proved="true" expanded="true">
+   <goal name="WP_parameter selection_sort" expl="correctness of parameter selection_sort" sum="0951520a23de33e908caef19517a67a6" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3apermutV2V4AasortedV4Iainfix <=agetV3V5agetV3V6Iainfix <V6V0Aainfix <=ainfix +ainfix -V0c1c1V6Aainfix <V5ainfix +ainfix -V0c1c1Aainfix <=c0V5FAapermutV2V4Aasorted_subV3c0ainfix +ainfix -V0c1c1Aiainfix =V8V7NLamk arrayV0V9ainfix <=agetV9V11agetV9V12Iainfix <V12V0Aainfix <=ainfix +V7c1V12Aainfix <V11ainfix +V7c1Aainfix <=c0V11FAapermutV2V10Aasorted_subV9c0ainfix +V7c1AapermutV4V10IaexchangeV3V9V8V7FAainfix <V7V0Aainfix <=c0V7Aainfix <V8V0Aainfix <=c0V8ainfix <=agetV3V13agetV3V14Iainfix <V14V0Aainfix <=ainfix +V7c1V14Aainfix <V13ainfix +V7c1Aainfix <=c0V13FAapermutV2V4Aasorted_subV3c0ainfix +V7c1AapermutV4V4Iainfix <=agetV3V8agetV3V15Iainfix <V15ainfix +ainfix -V0c1c1Aainfix <=V7V15FAainfix <V8ainfix +ainfix -V0c1c1Aainfix <=V7V8Aiainfix <agetV3V16agetV3V8ainfix <=agetV3V17agetV3V18Iainfix <V18ainfix +V16c1Aainfix <=V7V18FAainfix <V17ainfix +V16c1Aainfix <=V7V17Iainfix =V17V16Fainfix <=agetV3V8agetV3V19Iainfix <V19ainfix +V16c1Aainfix <=V7V19FAainfix <V8ainfix +V16c1Aainfix <=V7V8Aainfix <V8V0Aainfix <=c0V8Aainfix <V16V0Aainfix <=c0V16Iainfix <=agetV3V8agetV3V20Iainfix <V20V16Aainfix <=V7V20FAainfix <V8V16Aainfix <=V7V8Iainfix <=V16ainfix -V0c1Aainfix <=ainfix +V7c1V16FFAainfix <=agetV3V7agetV3V21Iainfix <V21ainfix +V7c1Aainfix <=V7V21FAainfix <V7ainfix +V7c1Aainfix <=V7V7Iainfix <=ainfix +V7c1ainfix -V0c1Aiainfix =V7V7NLamk arrayV0V22ainfix <=agetV22V24agetV22V25Iainfix <V25V0Aainfix <=ainfix +V7c1V25Aainfix <V24ainfix +V7c1Aainfix <=c0V24FAapermutV2V23Aasorted_subV22c0ainfix +V7c1AapermutV4V23IaexchangeV3V22V7V7FAainfix <V7V0Aainfix <=c0V7Aainfix <V7V0Aainfix <=c0V7ainfix <=agetV3V26agetV3V27Iainfix <V27V0Aainfix <=ainfix +V7c1V27Aainfix <V26ainfix +V7c1Aainfix <=c0V26FAapermutV2V4Aasorted_subV3c0ainfix +V7c1AapermutV4V4Iainfix >ainfix +V7c1ainfix -V0c1Iainfix <=agetV3V28agetV3V29Iainfix <V29V0Aainfix <=V7V29Aainfix <V28V7Aainfix <=c0V28FAapermutV2V4Aasorted_subV3c0V7Iainfix <=V7ainfix -V0c1Aainfix <=c0V7FFAainfix <=agetV1V30agetV1V31Iainfix <V31V0Aainfix <=c0V31Aainfix <V30c0Aainfix <=c0V30FAapermutV2V2Aasorted_subV1c0c0Iainfix <=c0ainfix -V0c1AapermutV2V2AasortedV2Iainfix >c0ainfix -V0c1FF">
     <transf name="split_goal" proved="true" expanded="true">
-     <goal name="WP_parameter selection_sort.1" expl="normal postcondition" sum="857fd3863b180eb0bc3f316dcaab5c5e" proved="true" expanded="true">
+     <goal name="WP_parameter selection_sort.1" expl="normal postcondition" sum="c39ef87568e7b4ff5b67daf71ba61e7f" proved="true" expanded="true" shape="Lamk arrayV0V1apermutV2V2AasortedV2Iainfix >c0ainfix -V0c1FF">
       <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-       <result status="valid" time="0.04"/>
+       <result status="valid" time="0.03"/>
       </proof>
      </goal>
-     <goal name="WP_parameter selection_sort.2" expl="for loop initialization" sum="d5cbd3f808e9743f9f999d44f7bb1cba" proved="true" expanded="true">
+     <goal name="WP_parameter selection_sort.2" expl="for loop initialization" sum="edb1f7146159b8bee3fbd596040e9480" proved="true" expanded="true" shape="Lamk arrayV0V1ainfix <=agetV1V3agetV1V4Iainfix <V4V0Aainfix <=c0V4Aainfix <V3c0Aainfix <=c0V3FAapermutV2V2Aasorted_subV1c0c0Iainfix <=c0ainfix -V0c1FF">
       <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
        <result status="valid" time="0.03"/>
       </proof>
      </goal>
-     <goal name="WP_parameter selection_sort.3" expl="for loop preservation" sum="67c41c15e213a16699f666348d7602c0" proved="true" expanded="true">
+     <goal name="WP_parameter selection_sort.3" expl="for loop preservation" sum="6111eabce69d6661378171a3fe347f7f" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3iainfix =V6V5NLamk arrayV0V7ainfix <=agetV7V9agetV7V10Iainfix <V10V0Aainfix <=ainfix +V5c1V10Aainfix <V9ainfix +V5c1Aainfix <=c0V9FAapermutV2V8Aasorted_subV7c0ainfix +V5c1AapermutV4V8IaexchangeV3V7V6V5FAainfix <V5V0Aainfix <=c0V5Aainfix <V6V0Aainfix <=c0V6ainfix <=agetV3V11agetV3V12Iainfix <V12V0Aainfix <=ainfix +V5c1V12Aainfix <V11ainfix +V5c1Aainfix <=c0V11FAapermutV2V4Aasorted_subV3c0ainfix +V5c1AapermutV4V4Iainfix <=agetV3V6agetV3V13Iainfix <V13ainfix +ainfix -V0c1c1Aainfix <=V5V13FAainfix <V6ainfix +ainfix -V0c1c1Aainfix <=V5V6Aiainfix <agetV3V14agetV3V6ainfix <=agetV3V15agetV3V16Iainfix <V16ainfix +V14c1Aainfix <=V5V16FAainfix <V15ainfix +V14c1Aainfix <=V5V15Iainfix =V15V14Fainfix <=agetV3V6agetV3V17Iainfix <V17ainfix +V14c1Aainfix <=V5V17FAainfix <V6ainfix +V14c1Aainfix <=V5V6Aainfix <V6V0Aainfix <=c0V6Aainfix <V14V0Aainfix <=c0V14Iainfix <=agetV3V6agetV3V18Iainfix <V18V14Aainfix <=V5V18FAainfix <V6V14Aainfix <=V5V6Iainfix <=V14ainfix -V0c1Aainfix <=ainfix +V5c1V14FFAainfix <=agetV3V5agetV3V19Iainfix <V19ainfix +V5c1Aainfix <=V5V19FAainfix <V5ainfix +V5c1Aainfix <=V5V5Iainfix <=ainfix +V5c1ainfix -V0c1Aiainfix =V5V5NLamk arrayV0V20ainfix <=agetV20V22agetV20V23Iainfix <V23V0Aainfix <=ainfix +V5c1V23Aainfix <V22ainfix +V5c1Aainfix <=c0V22FAapermutV2V21Aasorted_subV20c0ainfix +V5c1AapermutV4V21IaexchangeV3V20V5V5FAainfix <V5V0Aainfix <=c0V5Aainfix <V5V0Aainfix <=c0V5ainfix <=agetV3V24agetV3V25Iainfix <V25V0Aainfix <=ainfix +V5c1V25Aainfix <V24ainfix +V5c1Aainfix <=c0V24FAapermutV2V4Aasorted_subV3c0ainfix +V5c1AapermutV4V4Iainfix >ainfix +V5c1ainfix -V0c1Iainfix <=agetV3V26agetV3V27Iainfix <V27V0Aainfix <=V5V27Aainfix <V26V5Aainfix <=c0V26FAapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c0V5FFIainfix <=c0ainfix -V0c1FF">
       <transf name="split_goal" proved="true" expanded="true">
-       <goal name="WP_parameter selection_sort.3.1" expl="for loop preservation" sum="4aec836f88e1c806f7e3eea168fa16e9" proved="true" expanded="true">
+       <goal name="WP_parameter selection_sort.3.1" expl="for loop preservation" sum="fe11c269349ea5acfc8a87cce8f4f0a4" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3ainfix <V5V0Aainfix <=c0V5Aainfix <V5V0Aainfix <=c0V5Iainfix =V5V5NIainfix >ainfix +V5c1ainfix -V0c1Iainfix <=agetV3V6agetV3V7Iainfix <V7V0Aainfix <=V5V7Aainfix <V6V5Aainfix <=c0V6FAapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c0V5FFIainfix <=c0ainfix -V0c1FF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter selection_sort.3.2" expl="for loop preservation" sum="1d1c96452b82d8451aa921e3c8d736a6" proved="true" expanded="true">
+       <goal name="WP_parameter selection_sort.3.2" expl="for loop preservation" sum="9f92bfa327629d9442f636ae5b79f459" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3Lamk arrayV0V6apermutV4V7IaexchangeV3V6V5V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V5V0Aainfix <=c0V5Iainfix =V5V5NIainfix >ainfix +V5c1ainfix -V0c1Iainfix <=agetV3V8agetV3V9Iainfix <V9V0Aainfix <=V5V9Aainfix <V8V5Aainfix <=c0V8FAapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c0V5FFIainfix <=c0ainfix -V0c1FF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter selection_sort.3.3" expl="for loop preservation" sum="71cf76990ad78646e7f1f32321647918" proved="true" expanded="true">
+       <goal name="WP_parameter selection_sort.3.3" expl="for loop preservation" sum="dd0007442a5c83f270b97dc66ae23f3a" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3Lamk arrayV0V6asorted_subV6c0ainfix +V5c1IapermutV4V7IaexchangeV3V6V5V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V5V0Aainfix <=c0V5Iainfix =V5V5NIainfix >ainfix +V5c1ainfix -V0c1Iainfix <=agetV3V8agetV3V9Iainfix <V9V0Aainfix <=V5V9Aainfix <V8V5Aainfix <=c0V8FAapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c0V5FFIainfix <=c0ainfix -V0c1FF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter selection_sort.3.4" expl="for loop preservation" sum="a0d01007d796241b9a581fa97297b18f" proved="true" expanded="true">
+       <goal name="WP_parameter selection_sort.3.4" expl="for loop preservation" sum="f8beca5f018cb3e11b447262d9a6a799" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3Lamk arrayV0V6apermutV2V7IapermutV4V7IaexchangeV3V6V5V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V5V0Aainfix <=c0V5Iainfix =V5V5NIainfix >ainfix +V5c1ainfix -V0c1Iainfix <=agetV3V8agetV3V9Iainfix <V9V0Aainfix <=V5V9Aainfix <V8V5Aainfix <=c0V8FAapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c0V5FFIainfix <=c0ainfix -V0c1FF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter selection_sort.3.5" expl="for loop preservation" sum="ba166b9099a09bbbbe184e86c9667b53" proved="true" expanded="true">
-        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.01"/>
-        </proof>
-       </goal>
-       <goal name="WP_parameter selection_sort.3.6" expl="for loop preservation" sum="5ffc6a2f871accc741bb70b6dbfadaa5" proved="true" expanded="true">
+       <goal name="WP_parameter selection_sort.3.5" expl="for loop preservation" sum="ff746a793e37405fecebe5ad3effe5da" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3Lamk arrayV0V6ainfix <=agetV6V8agetV6V9Iainfix <V9V0Aainfix <=ainfix +V5c1V9Aainfix <V8ainfix +V5c1Aainfix <=c0V8FIapermutV4V7IaexchangeV3V6V5V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V5V0Aainfix <=c0V5Iainfix =V5V5NIainfix >ainfix +V5c1ainfix -V0c1Iainfix <=agetV3V10agetV3V11Iainfix <V11V0Aainfix <=V5V11Aainfix <V10V5Aainfix <=c0V10FAapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c0V5FFIainfix <=c0ainfix -V0c1FF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter selection_sort.3.7" expl="for loop preservation" sum="6bd8ec7e14b55248d631f8f1a09bb41d" proved="true" expanded="true">
+       <goal name="WP_parameter selection_sort.3.6" expl="for loop preservation" sum="0e4a1c7a80062ac20987c4e3dd6eea22" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3apermutV4V4Iainfix =V5V5NNIainfix >ainfix +V5c1ainfix -V0c1Iainfix <=agetV3V6agetV3V7Iainfix <V7V0Aainfix <=V5V7Aainfix <V6V5Aainfix <=c0V6FAapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c0V5FFIainfix <=c0ainfix -V0c1FF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.02"/>
+         <result status="valid" time="0.03"/>
         </proof>
        </goal>
-       <goal name="WP_parameter selection_sort.3.8" expl="for loop preservation" sum="d6ea1fee5a0681f22b996d0c55755733" proved="true" expanded="true">
+       <goal name="WP_parameter selection_sort.3.7" expl="for loop preservation" sum="53540a57d692454b1d841ed9b12fcb2a" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3asorted_subV3c0ainfix +V5c1IapermutV4V4Iainfix =V5V5NNIainfix >ainfix +V5c1ainfix -V0c1Iainfix <=agetV3V6agetV3V7Iainfix <V7V0Aainfix <=V5V7Aainfix <V6V5Aainfix <=c0V6FAapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c0V5FFIainfix <=c0ainfix -V0c1FF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.03"/>
         </proof>
        </goal>
-       <goal name="WP_parameter selection_sort.3.9" expl="for loop preservation" sum="c4cd2d59b40e73d3c4cfd5e854160739" proved="true" expanded="true">
+       <goal name="WP_parameter selection_sort.3.8" expl="for loop preservation" sum="df47888db62c61041c2ed7b75c7ebd65" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3apermutV2V4IapermutV4V4Iainfix =V5V5NNIainfix >ainfix +V5c1ainfix -V0c1Iainfix <=agetV3V6agetV3V7Iainfix <V7V0Aainfix <=V5V7Aainfix <V6V5Aainfix <=c0V6FAapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c0V5FFIainfix <=c0ainfix -V0c1FF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter selection_sort.3.10" expl="for loop preservation" sum="1c0c281ca52fb8cbf86b9f0fddc80fc7" proved="true" expanded="true">
+       <goal name="WP_parameter selection_sort.3.9" expl="for loop preservation" sum="3c53e1cff07128ebd90e86e207345d9c" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3ainfix <=agetV3V6agetV3V7Iainfix <V7V0Aainfix <=ainfix +V5c1V7Aainfix <V6ainfix +V5c1Aainfix <=c0V6FIapermutV4V4Iainfix =V5V5NNIainfix >ainfix +V5c1ainfix -V0c1Iainfix <=agetV3V8agetV3V9Iainfix <V9V0Aainfix <=V5V9Aainfix <V8V5Aainfix <=c0V8FAapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c0V5FFIainfix <=c0ainfix -V0c1FF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.03"/>
+         <result status="valid" time="0.04"/>
         </proof>
        </goal>
-       <goal name="WP_parameter selection_sort.3.11" expl="for loop preservation" sum="6ddf6f53fb5249a56f11c28b809e625d" proved="true" expanded="true">
+       <goal name="WP_parameter selection_sort.3.10" expl="for loop preservation" sum="f89577927959506bf2c5606af44d8a9b" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3ainfix <=agetV3V5agetV3V6Iainfix <V6ainfix +V5c1Aainfix <=V5V6FAainfix <V5ainfix +V5c1Aainfix <=V5V5Iainfix <=ainfix +V5c1ainfix -V0c1Iainfix <=agetV3V7agetV3V8Iainfix <V8V0Aainfix <=V5V8Aainfix <V7V5Aainfix <=c0V7FAapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c0V5FFIainfix <=c0ainfix -V0c1FF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.06"/>
+         <result status="valid" time="0.01"/>
         </proof>
        </goal>
-       <goal name="WP_parameter selection_sort.3.12" expl="for loop preservation" sum="1b072b89c3b49b9a85c45e255b069a0d" proved="true" expanded="true">
+       <goal name="WP_parameter selection_sort.3.11" expl="for loop preservation" sum="b11085c2e20aeb99ef66940a75fdf3c2" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3iainfix <agetV3V7agetV3V6ainfix <=agetV3V8agetV3V9Iainfix <V9ainfix +V7c1Aainfix <=V5V9FAainfix <V8ainfix +V7c1Aainfix <=V5V8Iainfix =V8V7Fainfix <=agetV3V6agetV3V10Iainfix <V10ainfix +V7c1Aainfix <=V5V10FAainfix <V6ainfix +V7c1Aainfix <=V5V6Aainfix <V6V0Aainfix <=c0V6Aainfix <V7V0Aainfix <=c0V7Iainfix <=agetV3V6agetV3V11Iainfix <V11V7Aainfix <=V5V11FAainfix <V6V7Aainfix <=V5V6Iainfix <=V7ainfix -V0c1Aainfix <=ainfix +V5c1V7FFIainfix <=ainfix +V5c1ainfix -V0c1Iainfix <=agetV3V12agetV3V13Iainfix <V13V0Aainfix <=V5V13Aainfix <V12V5Aainfix <=c0V12FAapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c0V5FFIainfix <=c0ainfix -V0c1FF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.02"/>
+         <result status="valid" time="0.04"/>
         </proof>
        </goal>
-       <goal name="WP_parameter selection_sort.3.13" expl="for loop preservation" sum="5ce0ebc0e9784b3d9e6d2bb31aba1a69" proved="true" expanded="true">
+       <goal name="WP_parameter selection_sort.3.12" expl="for loop preservation" sum="4994c3a0bd3cdd9eb206013087d0ccc8" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3ainfix <V5V0Aainfix <=c0V5Aainfix <V6V0Aainfix <=c0V6Iainfix =V6V5NIainfix <=agetV3V6agetV3V7Iainfix <V7ainfix +ainfix -V0c1c1Aainfix <=V5V7FAainfix <V6ainfix +ainfix -V0c1c1Aainfix <=V5V6FIainfix <=ainfix +V5c1ainfix -V0c1Iainfix <=agetV3V8agetV3V9Iainfix <V9V0Aainfix <=V5V9Aainfix <V8V5Aainfix <=c0V8FAapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c0V5FFIainfix <=c0ainfix -V0c1FF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="2.54"/>
+         <result status="valid" time="0.03"/>
         </proof>
        </goal>
-       <goal name="WP_parameter selection_sort.3.14" expl="for loop preservation" sum="cc6519ab29dbdf9c1a4ca033bf119b7e" proved="true" expanded="true">
-        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.10"/>
+       <goal name="WP_parameter selection_sort.3.13" expl="for loop preservation" sum="be2940dd885a8ad430ad9f0c19955afd" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3Lamk arrayV0V7apermutV4V8IaexchangeV3V7V6V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V6V0Aainfix <=c0V6Iainfix =V6V5NIainfix <=agetV3V6agetV3V9Iainfix <V9ainfix +ainfix -V0c1c1Aainfix <=V5V9FAainfix <V6ainfix +ainfix -V0c1c1Aainfix <=V5V6FIainfix <=ainfix +V5c1ainfix -V0c1Iainfix <=agetV3V10agetV3V11Iainfix <V11V0Aainfix <=V5V11Aainfix <V10V5Aainfix <=c0V10FAapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c0V5FFIainfix <=c0ainfix -V0c1FF">
+        <proof prover="coq" timelimit="10" edited="selection_sort_WP_SelectionSort_WP_parameter_selection_sort_1.v" obsolete="false">
+         <result status="valid" time="0.53"/>
         </proof>
        </goal>
-       <goal name="WP_parameter selection_sort.3.15" expl="for loop preservation" sum="e4d4299956fbff26b6803b3ecfadf1bb" proved="true" expanded="true">
+       <goal name="WP_parameter selection_sort.3.14" expl="for loop preservation" sum="806e186e078f32b5ad1d4b34b107c522" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3Lamk arrayV0V7asorted_subV7c0ainfix +V5c1IapermutV4V8IaexchangeV3V7V6V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V6V0Aainfix <=c0V6Iainfix =V6V5NIainfix <=agetV3V6agetV3V9Iainfix <V9ainfix +ainfix -V0c1c1Aainfix <=V5V9FAainfix <V6ainfix +ainfix -V0c1c1Aainfix <=V5V6FIainfix <=ainfix +V5c1ainfix -V0c1Iainfix <=agetV3V10agetV3V11Iainfix <V11V0Aainfix <=V5V11Aainfix <V10V5Aainfix <=c0V10FAapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c0V5FFIainfix <=c0ainfix -V0c1FF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.03"/>
+         <result status="valid" time="0.14"/>
         </proof>
        </goal>
-       <goal name="WP_parameter selection_sort.3.16" expl="for loop preservation" sum="90581f47163208cd13ddda9d6cdfe7ba" proved="true" expanded="true">
-        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.12"/>
+       <goal name="WP_parameter selection_sort.3.15" expl="for loop preservation" sum="a08dee7c7c359ccba570d68c60b8a1d6" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3Lamk arrayV0V7apermutV2V8IapermutV4V8IaexchangeV3V7V6V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V6V0Aainfix <=c0V6Iainfix =V6V5NIainfix <=agetV3V6agetV3V9Iainfix <V9ainfix +ainfix -V0c1c1Aainfix <=V5V9FAainfix <V6ainfix +ainfix -V0c1c1Aainfix <=V5V6FIainfix <=ainfix +V5c1ainfix -V0c1Iainfix <=agetV3V10agetV3V11Iainfix <V11V0Aainfix <=V5V11Aainfix <V10V5Aainfix <=c0V10FAapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c0V5FFIainfix <=c0ainfix -V0c1FF">
+        <proof prover="cvc3" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.04"/>
         </proof>
        </goal>
-       <goal name="WP_parameter selection_sort.3.17" expl="for loop preservation" sum="82817514c8867cdf4eb6458833db4a2f" proved="true" expanded="true">
+       <goal name="WP_parameter selection_sort.3.16" expl="for loop preservation" sum="72659d72b21d4196b202fa594decc9d2" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3Lamk arrayV0V7ainfix <=agetV7V9agetV7V10Iainfix <V10V0Aainfix <=ainfix +V5c1V10Aainfix <V9ainfix +V5c1Aainfix <=c0V9FIapermutV4V8IaexchangeV3V7V6V5FIainfix <V5V0Aainfix <=c0V5Aainfix <V6V0Aainfix <=c0V6Iainfix =V6V5NIainfix <=agetV3V6agetV3V11Iainfix <V11ainfix +ainfix -V0c1c1Aainfix <=V5V11FAainfix <V6ainfix +ainfix -V0c1c1Aainfix <=V5V6FIainfix <=ainfix +V5c1ainfix -V0c1Iainfix <=agetV3V12agetV3V13Iainfix <V13V0Aainfix <=V5V13Aainfix <V12V5Aainfix <=c0V12FAapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c0V5FFIainfix <=c0ainfix -V0c1FF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.03"/>
+         <result status="valid" time="0.11"/>
         </proof>
        </goal>
-       <goal name="WP_parameter selection_sort.3.18" expl="for loop preservation" sum="ca979354c82f4835bfeb7a82013df410" proved="true" expanded="true">
+       <goal name="WP_parameter selection_sort.3.17" expl="for loop preservation" sum="057269d80b3d7cc17a784cd696d7eef7" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3apermutV4V4Iainfix =V6V5NNIainfix <=agetV3V6agetV3V7Iainfix <V7ainfix +ainfix -V0c1c1Aainfix <=V5V7FAainfix <V6ainfix +ainfix -V0c1c1Aainfix <=V5V6FIainfix <=ainfix +V5c1ainfix -V0c1Iainfix <=agetV3V8agetV3V9Iainfix <V9V0Aainfix <=V5V9Aainfix <V8V5Aainfix <=c0V8FAapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c0V5FFIainfix <=c0ainfix -V0c1FF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-         <result status="valid" time="0.04"/>
+         <result status="valid" time="0.02"/>
         </proof>
        </goal>
-       <goal name="WP_parameter selection_sort.3.19" expl="for loop preservation" sum="a86d2fd520ba8946cce2a8a7b0c55249" proved="true" expanded="true">
+       <goal name="WP_parameter selection_sort.3.18" expl="for loop preservation" sum="93ab3465ce34b49058463da6c3663422" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3asorted_subV3c0ainfix +V5c1IapermutV4V4Iainfix =V6V5NNIainfix <=agetV3V6agetV3V7Iainfix <V7ainfix +ainfix -V0c1c1Aainfix <=V5V7FAainfix <V6ainfix +ainfix -V0c1c1Aainfix <=V5V6FIainfix <=ainfix +V5c1ainfix -V0c1Iainfix <=agetV3V8agetV3V9Iainfix <V9V0Aainfix <=V5V9Aainfix <V8V5Aainfix <=c0V8FAapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c0V5FFIainfix <=c0ainfix -V0c1FF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.03"/>
         </proof>
        </goal>
-       <goal name="WP_parameter selection_sort.3.20" expl="for loop preservation" sum="acf6bc3b20f518616d069433125a24a7" proved="true" expanded="true">
+       <goal name="WP_parameter selection_sort.3.19" expl="for loop preservation" sum="3fec39c9523c67305f0c9f5f792775f8" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3apermutV2V4IapermutV4V4Iainfix =V6V5NNIainfix <=agetV3V6agetV3V7Iainfix <V7ainfix +ainfix -V0c1c1Aainfix <=V5V7FAainfix <V6ainfix +ainfix -V0c1c1Aainfix <=V5V6FIainfix <=ainfix +V5c1ainfix -V0c1Iainfix <=agetV3V8agetV3V9Iainfix <V9V0Aainfix <=V5V9Aainfix <V8V5Aainfix <=c0V8FAapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c0V5FFIainfix <=c0ainfix -V0c1FF">
+        <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
+         <result status="valid" time="0.01"/>
+        </proof>
+       </goal>
+       <goal name="WP_parameter selection_sort.3.20" expl="for loop preservation" sum="3e133fe49c0fd6b1084559f7e5835688" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3ainfix <=agetV3V7agetV3V8Iainfix <V8V0Aainfix <=ainfix +V5c1V8Aainfix <V7ainfix +V5c1Aainfix <=c0V7FIapermutV4V4Iainfix =V6V5NNIainfix <=agetV3V6agetV3V9Iainfix <V9ainfix +ainfix -V0c1c1Aainfix <=V5V9FAainfix <V6ainfix +ainfix -V0c1c1Aainfix <=V5V6FIainfix <=ainfix +V5c1ainfix -V0c1Iainfix <=agetV3V10agetV3V11Iainfix <V11V0Aainfix <=V5V11Aainfix <V10V5Aainfix <=c0V10FAapermutV2V4Aasorted_subV3c0V5Iainfix <=V5ainfix -V0c1Aainfix <=c0V5FFIainfix <=c0ainfix -V0c1FF">
         <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
          <result status="valid" time="0.02"/>
         </proof>
        </goal>
       </transf>
      </goal>
-     <goal name="WP_parameter selection_sort.4" expl="normal postcondition" sum="1fe4a32b26a16b4ec4b5dac1d9b6ad28" proved="true" expanded="true">
+     <goal name="WP_parameter selection_sort.4" expl="normal postcondition" sum="190747b3a438072e4dc01f468114ca5e" proved="true" expanded="true" shape="Lamk arrayV0V1Lamk arrayV0V3apermutV2V4AasortedV4Iainfix <=agetV3V5agetV3V6Iainfix <V6V0Aainfix <=ainfix +ainfix -V0c1c1V6Aainfix <V5ainfix +ainfix -V0c1c1Aainfix <=c0V5FAapermutV2V4Aasorted_subV3c0ainfix +ainfix -V0c1c1FIainfix <=c0ainfix -V0c1FF">
       <proof prover="alt-ergo" timelimit="10" edited="" obsolete="false">
-       <result status="valid" time="0.03"/>
+       <result status="valid" time="0.02"/>
       </proof>
      </goal>
     </transf>
diff --git a/modules/array.mlw b/modules/array.mlw
index bcbdc36628faae3dcb4c215e8f506e9693ab53fd..813453197d1089dd80d8724d9307d352a05ee0a2 100644
--- a/modules/array.mlw
+++ b/modules/array.mlw
@@ -149,11 +149,19 @@ module ArrayPermut
     a1.length = a2.length /\ M.permut_sub a1.elts a2.elts 0 a1.length
 
   lemma exchange_permut:
-    forall a1 a2: array 'a, i j: int.
+    forall a1 a2: array 'a, i j: int [exchange a1 a2 i j].
     exchange a1 a2 i j -> a1.length = a2.length ->
     0 <= i < a1.length -> 0 <= j < a1.length ->
     permut a1 a2
 
+  lemma permut_sym:
+    forall a1 a2: array 'a.
+    permut a1 a2 -> permut a2 a1
+
+  lemma permut_trans:
+    forall a1 a2 a3: array 'a.
+    permut a1 a2 -> permut a2 a3 -> permut a1 a3
+
   use import module ArrayEq
 
   lemma array_eq_sub_permut: