updated proof sessions

parent d49323d1
......@@ -4,7 +4,6 @@ bignum.mlw
counting_sort.mlw
cursor.mlw
dijkstra.mlw
ewd673.mlw
fibonacci.mlw
find.mlw
gcd.mlw
......
......@@ -2,11 +2,11 @@
<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
"http://why3.lri.fr/why3session.dtd">
<why3session shape_version="4">
<prover id="1" name="Alt-Ergo" version="0.99.1" timelimit="10" steplimit="0" memlimit="0"/>
<prover id="0" name="Alt-Ergo" version="1.30" timelimit="5" steplimit="0" memlimit="1000"/>
<file name="../ewd673.mlw" expanded="true">
<theory name="EWD673" sum="2b02e77f156f81ee6350f878ae56fdac" expanded="true">
<goal name="WP_parameter s" expl="VC for s" expanded="true">
<proof prover="1"><result status="valid" time="0.02" steps="14"/></proof>
<theory name="EWD673" sum="e7bab998fafc2d8047e6eb5f32022f78" expanded="true">
<goal name="VC s" expl="VC for s" expanded="true">
<proof prover="0"><result status="valid" time="0.00" steps="17"/></proof>
</goal>
</theory>
</file>
......
......@@ -4,75 +4,98 @@
<why3session shape_version="4">
<prover id="0" name="CVC3" version="2.4.1" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="1" name="CVC4" version="1.4" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="2" name="Alt-Ergo" version="1.30" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="4" name="Alt-Ergo" version="0.99.1" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="5" name="Z3" version="4.3.2" timelimit="5" steplimit="0" memlimit="1000"/>
<file name="../sum_of_digits.mlw" expanded="true">
<theory name="Euler290" sum="18226cdd8c439a37143a6081d0907d85" expanded="true">
<theory name="Euler290" sum="de21b6f79c64645f04c593651846b097" expanded="true">
<goal name="Base">
<proof prover="4" timelimit="10"><result status="valid" time="0.01" steps="10"/></proof>
<proof prover="2"><result status="valid" time="0.01" steps="7"/></proof>
<proof prover="4" timelimit="10" obsolete="true"><result status="valid" time="0.01" steps="10"/></proof>
</goal>
<goal name="Empty">
<proof prover="4" timelimit="10"><result status="valid" time="0.07" steps="71"/></proof>
<proof prover="2"><result status="valid" time="0.02" steps="58"/></proof>
<proof prover="4" timelimit="10" obsolete="true"><result status="valid" time="0.07" steps="71"/></proof>
</goal>
<goal name="Induc" expanded="true">
</goal>
<goal name="WP_parameter sd" expl="VC for sd">
<proof prover="0"><result status="valid" time="0.03"/></proof>
<proof prover="5"><result status="valid" time="0.44"/></proof>
<goal name="VC sd" expl="VC for sd">
<proof prover="0" obsolete="true"><result status="valid" time="0.03"/></proof>
<proof prover="2"><result status="valid" time="0.04" steps="19"/></proof>
<proof prover="5" obsolete="true"><result status="valid" time="0.44"/></proof>
</goal>
<goal name="WP_parameter f" expl="VC for f">
<goal name="VC f" expl="VC for f">
<transf name="split_goal_wp">
<goal name="WP_parameter f.1" expl="1. assertion">
<proof prover="1"><result status="valid" time="0.02"/></proof>
<goal name="VC f.1" expl="1. assertion">
<proof prover="1" obsolete="true"><result status="valid" time="0.02"/></proof>
<proof prover="2"><result status="valid" time="0.00" steps="5"/></proof>
</goal>
<goal name="WP_parameter f.2" expl="2. assertion">
<goal name="VC f.2" expl="2. assertion">
<proof prover="1"><result status="valid" time="2.70"/></proof>
<proof prover="2"><result status="valid" time="2.17" steps="310"/></proof>
</goal>
<goal name="WP_parameter f.3" expl="3. precondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
<goal name="VC f.3" expl="3. precondition">
<proof prover="1" obsolete="true"><result status="valid" time="0.02"/></proof>
<proof prover="2"><result status="valid" time="0.00" steps="5"/></proof>
</goal>
<goal name="WP_parameter f.4" expl="4. postcondition">
<proof prover="1"><result status="valid" time="0.03"/></proof>
<goal name="VC f.4" expl="4. postcondition">
<proof prover="1" obsolete="true"><result status="valid" time="0.03"/></proof>
<proof prover="2"><result status="valid" time="0.00" steps="13"/></proof>
</goal>
<goal name="WP_parameter f.5" expl="5. postcondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
<proof prover="4"><result status="valid" time="0.02" steps="3"/></proof>
<goal name="VC f.5" expl="5. loop bounds">
<proof prover="2"><result status="valid" time="0.00" steps="4"/></proof>
</goal>
<goal name="WP_parameter f.6" expl="6. loop invariant init">
<proof prover="1"><result status="valid" time="0.03"/></proof>
<proof prover="4"><result status="valid" time="0.03" steps="6"/></proof>
<goal name="VC f.6" expl="6. loop invariant init">
<proof prover="1" obsolete="true"><result status="valid" time="0.03"/></proof>
<proof prover="2"><result status="valid" time="0.00" steps="5"/></proof>
<proof prover="4" obsolete="true"><result status="valid" time="0.03" steps="6"/></proof>
</goal>
<goal name="WP_parameter f.7" expl="7. variant decrease">
<proof prover="1"><result status="valid" time="0.02"/></proof>
<proof prover="4"><result status="valid" time="0.02" steps="7"/></proof>
<goal name="VC f.7" expl="7. precondition">
<proof prover="2"><result status="valid" time="0.00" steps="7"/></proof>
</goal>
<goal name="WP_parameter f.8" expl="8. precondition">
<proof prover="1"><result status="valid" time="0.03"/></proof>
<proof prover="4"><result status="valid" time="0.02" steps="10"/></proof>
<goal name="VC f.8" expl="8. precondition">
<proof prover="1" obsolete="true"><result status="valid" time="0.02"/></proof>
<proof prover="2"><result status="valid" time="0.00" steps="7"/></proof>
<proof prover="4" obsolete="true"><result status="valid" time="0.02" steps="3"/></proof>
</goal>
<goal name="WP_parameter f.9" expl="9. assertion">
<goal name="VC f.9" expl="9. variant decrease">
<proof prover="1" obsolete="true"><result status="valid" time="0.02"/></proof>
<proof prover="2"><result status="valid" time="0.01" steps="7"/></proof>
<proof prover="4" obsolete="true"><result status="valid" time="0.02" steps="7"/></proof>
</goal>
<goal name="VC f.10" expl="10. precondition">
<proof prover="1" obsolete="true"><result status="valid" time="0.03"/></proof>
<proof prover="2"><result status="valid" time="0.01" steps="10"/></proof>
<proof prover="4" obsolete="true"><result status="valid" time="0.02" steps="10"/></proof>
</goal>
<goal name="VC f.11" expl="11. assertion">
<transf name="split_goal_wp">
<goal name="WP_parameter f.9.1" expl="1. VC for f">
<proof prover="1"><result status="valid" time="0.04"/></proof>
<proof prover="4"><result status="valid" time="0.16" steps="38"/></proof>
<goal name="VC f.11.1" expl="1. VC for f">
<proof prover="1" obsolete="true"><result status="valid" time="0.04"/></proof>
<proof prover="2"><result status="valid" time="0.01" steps="9"/></proof>
<proof prover="4" obsolete="true"><result status="valid" time="0.16" steps="38"/></proof>
</goal>
<goal name="WP_parameter f.9.2" expl="2. VC for f">
<proof prover="1"><result status="valid" time="0.03"/></proof>
<proof prover="4"><result status="valid" time="0.07" steps="26"/></proof>
<goal name="VC f.11.2" expl="2. VC for f">
<proof prover="1" obsolete="true"><result status="valid" time="0.03"/></proof>
<proof prover="2"><result status="valid" time="0.01" steps="11"/></proof>
<proof prover="4" obsolete="true"><result status="valid" time="0.07" steps="26"/></proof>
</goal>
<goal name="WP_parameter f.9.3" expl="3. VC for f">
<proof prover="4"><result status="valid" time="0.01" steps="14"/></proof>
<goal name="VC f.11.3" expl="3. VC for f">
<proof prover="2"><result status="valid" time="0.02" steps="26"/></proof>
<proof prover="4" obsolete="true"><result status="valid" time="0.01" steps="14"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter f.10" expl="10. loop invariant preservation">
<proof prover="0"><result status="valid" time="0.02"/></proof>
<proof prover="1"><result status="valid" time="0.03"/></proof>
<proof prover="4"><result status="valid" time="0.02" steps="16"/></proof>
<goal name="VC f.12" expl="12. loop invariant preservation">
<proof prover="0" obsolete="true"><result status="valid" time="0.02"/></proof>
<proof prover="1" obsolete="true"><result status="valid" time="0.03"/></proof>
<proof prover="2"><result status="valid" time="0.01" steps="13"/></proof>
<proof prover="4" obsolete="true"><result status="valid" time="0.02" steps="16"/></proof>
</goal>
<goal name="WP_parameter f.11" expl="11. postcondition">
<proof prover="1"><result status="valid" time="0.02"/></proof>
<proof prover="4"><result status="valid" time="0.01" steps="6"/></proof>
<goal name="VC f.13" expl="13. postcondition">
<proof prover="1" obsolete="true"><result status="valid" time="0.02"/></proof>
<proof prover="2"><result status="valid" time="0.00" steps="6"/></proof>
<proof prover="4" obsolete="true"><result status="valid" time="0.01" steps="6"/></proof>
</goal>
</transf>
</goal>
......
(* This file is generated by Why3's Coq driver *)
(* Beware! Only edit allowed sections below *)
Require Import ZArith.
Require Import Rbase.
Require Import BuiltIn.
Require BuiltIn.
Require HighOrd.
Require int.Int.
(* Why3 assumption *)
Definition unit := unit.
Definition unit := unit.
Parameter t : Type.
Parameter iter: forall {a:Type} {a_WT:WhyType a}, (a -> a) -> Z -> a -> a.
Parameter f: t -> t.
Axiom iter_def : forall {a:Type} {a_WT:WhyType a}, forall (f:(a -> a)) (k:Z)
(x:a), (0%Z <= k)%Z -> (((k = 0%Z) -> ((iter f k x) = x)) /\
((~ (k = 0%Z)) -> ((iter f k x) = (iter f (k - 1%Z)%Z (f x))))).
Parameter x0: t.
Axiom iter_1 : forall {a:Type} {a_WT:WhyType a}, forall (f:(a -> a)) (x:a),
((iter f 1%Z x) = (f x)).
Parameter iter: Z -> t -> t.
Axiom iter_s : forall {a:Type} {a_WT:WhyType a}, forall (f:(a -> a)) (k:Z)
(x:a), (0%Z < k)%Z -> ((iter f k x) = (f (iter f (k - 1%Z)%Z x))).
Axiom iter_0 : forall (x:t), ((iter 0%Z x) = x).
Axiom t : Type.
Parameter t_WhyType : WhyType t.
Existing Instance t_WhyType.
Axiom iter_s : forall (k:Z) (x:t), (0%Z < k)%Z -> ((iter k
x) = (iter (k - 1%Z)%Z (f x))).
Parameter eq: t -> t -> Prop.
Axiom iter_1 : forall (x:t), ((iter 1%Z x) = (f x)).
Axiom eq_spec : forall (x:t) (y:t), (eq x y) <-> (x = y).
Parameter f: t -> t.
Axiom iter_s2 : forall (k:Z) (x:t), (0%Z < k)%Z -> ((iter k
x) = (f (iter (k - 1%Z)%Z x))).
Parameter x0: t.
(* Why3 assumption *)
Definition x (i:Z): t := (iter (fun (y0:t) => (f y0)) i x0).
Parameter mu: Z.
......@@ -35,48 +45,52 @@ Axiom lambda_range : (1%Z <= lambda)%Z.
Axiom distinct : forall (i:Z) (j:Z), ((0%Z <= i)%Z /\
(i < (mu + lambda)%Z)%Z) -> (((0%Z <= j)%Z /\ (j < (mu + lambda)%Z)%Z) ->
((~ (i = j)) -> ~ ((iter i x0) = (iter j x0)))).
((~ (i = j)) -> ~ ((x i) = (x j)))).
Axiom cycle : forall (n:Z), (mu <= n)%Z -> ((iter (n + lambda)%Z
x0) = (iter n x0)).
Axiom cycle : forall (n:Z), (mu <= n)%Z -> ((x (n + lambda)%Z) = (x n)).
Axiom cycle_induction : forall (n:Z), (mu <= n)%Z -> forall (k:Z),
(0%Z <= k)%Z -> ((iter (n + (lambda * k)%Z)%Z x0) = (iter n x0)).
(0%Z <= k)%Z -> ((x (n + (lambda * k)%Z)%Z) = (x n)).
(* Why3 assumption *)
Inductive ref (a:Type) :=
| mk_ref : a -> ref a.
Implicit Arguments mk_ref.
Axiom ref_WhyType : forall (a:Type) {a_WT:WhyType a}, WhyType (ref a).
Existing Instance ref_WhyType.
Implicit Arguments mk_ref [[a]].
(* Why3 assumption *)
Definition contents (a:Type)(v:(ref a)): a :=
Definition contents {a:Type} {a_WT:WhyType a} (v:(ref a)): a :=
match v with
| (mk_ref x) => x
| (mk_ref x1) => x1
end.
Implicit Arguments contents.
Parameter dist: Z -> Z -> Z.
Axiom dist_def : forall (i:Z) (j:Z), (mu <= i)%Z -> ((mu <= j)%Z ->
((0%Z <= (dist i j))%Z /\ (((iter (i + (dist i j))%Z x0) = (iter j x0)) /\
forall (k:Z), (0%Z <= k)%Z -> (((iter (i + k)%Z x0) = (iter j x0)) ->
((dist i j) <= k)%Z)))).
((0%Z <= (dist i j))%Z /\ (((x (i + (dist i j))%Z) = (x j)) /\
forall (k:Z), (0%Z <= k)%Z -> (((x (i + k)%Z) = (x j)) -> ((dist i
j) <= k)%Z)))).
(* Why3 assumption *)
Definition rel(t2:t) (t1:t): Prop := exists i:Z, (t1 = (iter i x0)) /\
((t2 = (iter (i + 1%Z)%Z x0)) /\ (((1%Z <= i)%Z /\
(i <= (mu + lambda)%Z)%Z) /\ ((mu <= i)%Z -> ((dist ((2%Z * i)%Z + 2%Z)%Z
Definition rel (t2:t) (t1:t): Prop := exists i:Z, (t1 = (x i)) /\
((t2 = (x (i + 1%Z)%Z)) /\ (((1%Z <= i)%Z /\ (i <= (mu + lambda)%Z)%Z) /\
((mu <= i)%Z -> ((dist ((2%Z * i)%Z + 2%Z)%Z
(i + 1%Z)%Z) < (dist (2%Z * i)%Z i))%Z))).
(* Why3 goal *)
Theorem WP_parameter_tortoise_hare : forall (hare:t) (tortoise:t),
(exists t1:Z, ((1%Z <= t1)%Z /\ (t1 <= (mu + lambda)%Z)%Z) /\
((tortoise = (iter t1 x0)) /\ ((hare = (iter (2%Z * t1)%Z x0)) /\
forall (i:Z), ((1%Z <= i)%Z /\ (i < t1)%Z) -> ~ ((iter i
x0) = (iter (2%Z * i)%Z x0))))) -> ((~ (tortoise = hare)) ->
forall (tortoise1:t), (tortoise1 = (f tortoise)) -> forall (hare1:t),
(hare1 = (f (f hare))) -> (rel tortoise1 tortoise)).
Theorem VC_tortoise_hare : forall (hare:t) (tortoise:t), (exists t1:Z,
((1%Z <= t1)%Z /\ (t1 <= (mu + lambda)%Z)%Z) /\ ((tortoise = (x t1)) /\
((hare = (x (2%Z * t1)%Z)) /\ forall (i:Z), ((1%Z <= i)%Z /\ (i < t1)%Z) ->
~ ((x i) = (x (2%Z * i)%Z))))) -> (((eq tortoise hare) <->
(tortoise = hare)) -> ((~ (eq tortoise hare)) -> forall (tortoise1:t),
(tortoise1 = (f tortoise)) -> forall (hare1:t), (hare1 = (f (f hare))) ->
(rel tortoise1 tortoise))).
intros hare tortoise (t1,((h1,h2),(h3,(h4,h5)))) h6 h7 tortoise1 h8 hare1 h9.
Qed.
(* Unused content named WP_parameter_tortoise_hare
(* YOU MAY EDIT THE PROOF BELOW *)
intuition.
clear H2.
......@@ -114,5 +128,4 @@ ring_simplify (2 * i + 2 + (dist (2 * i) i - 1) - 1)%Z.
auto.
omega.
Qed.
*)
(* This file is generated by Why3's Coq driver *)
(* Beware! Only edit allowed sections below *)
Require Import ZArith.
Require Import Rbase.
Definition unit := unit.
Require Import BuiltIn.
Require BuiltIn.
Require HighOrd.
Require int.Int.
Parameter mark : Type.
(* Why3 assumption *)
Definition unit := unit.
Parameter at1: forall (a:Type), a -> mark -> a.
Parameter iter: forall {a:Type} {a_WT:WhyType a}, (a -> a) -> Z -> a -> a.
Implicit Arguments at1.
Axiom iter_def : forall {a:Type} {a_WT:WhyType a}, forall (f:(a -> a)) (k:Z)
(x:a), (0%Z <= k)%Z -> (((k = 0%Z) -> ((iter f k x) = x)) /\
((~ (k = 0%Z)) -> ((iter f k x) = (iter f (k - 1%Z)%Z (f x))))).
Parameter old: forall (a:Type), a -> a.
Axiom iter_1 : forall {a:Type} {a_WT:WhyType a}, forall (f:(a -> a)) (x:a),
((iter f 1%Z x) = (f x)).
Implicit Arguments old.
Axiom iter_s : forall {a:Type} {a_WT:WhyType a}, forall (f:(a -> a)) (k:Z)
(x:a), (0%Z < k)%Z -> ((iter f k x) = (f (iter f (k - 1%Z)%Z x))).
Parameter t : Type.
Axiom t : Type.
Parameter t_WhyType : WhyType t.
Existing Instance t_WhyType.
Parameter f: t -> t.
Parameter eq: t -> t -> Prop.
Axiom eq_spec : forall (x:t) (y:t), (eq x y) <-> (x = y).
Parameter x0: t.
Parameter f: t -> t.
Parameter x0: t.
Parameter iter: Z -> t -> t.
(* Why3 assumption *)
Definition x (i:Z): t := (iter (fun (y0:t) => (f y0)) i x0).
Parameter mu: Z.
Axiom iter_0 : forall (x:t), ((iter 0%Z x) = x).
Parameter lambda: Z.
Axiom iter_s : forall (k:Z) (x:t), (0%Z < k)%Z -> ((iter k
x) = (iter (k - 1%Z)%Z (f x))).
Axiom mu_range : (0%Z <= mu)%Z.
Axiom iter_1 : forall (x:t), ((iter 1%Z x) = (f x)).
Axiom iter_s2 : forall (k:Z) (x:t), (0%Z < k)%Z -> ((iter k
x) = (f (iter (k - 1%Z)%Z x))).
Parameter mu: Z.
Parameter lambda: Z.
Axiom mu_range : (0%Z <= (mu ))%Z.
Axiom lambda_range : (1%Z <= (lambda ))%Z.
Axiom lambda_range : (1%Z <= lambda)%Z.
Axiom distinct : forall (i:Z) (j:Z), ((0%Z <= i)%Z /\
(i < ((mu ) + (lambda ))%Z)%Z) -> (((0%Z <= j)%Z /\
(j < ((mu ) + (lambda ))%Z)%Z) -> ((~ (i = j)) -> ~ ((iter i
(x0 )) = (iter j (x0 ))))).
(i < (mu + lambda)%Z)%Z) -> (((0%Z <= j)%Z /\ (j < (mu + lambda)%Z)%Z) ->
((~ (i = j)) -> ~ ((x i) = (x j)))).
Axiom cycle : forall (n:Z), ((mu ) <= n)%Z -> ((iter (n + (lambda ))%Z
(x0 )) = (iter n (x0 ))).
Axiom cycle : forall (n:Z), (mu <= n)%Z -> ((x (n + lambda)%Z) = (x n)).
Theorem cycle_induction : forall (n:Z), ((mu ) <= n)%Z -> forall (k:Z),
(0%Z <= k)%Z -> ((iter (n + ((lambda ) * k)%Z)%Z (x0 )) = (iter n (x0 ))).
(* Why3 goal *)
Theorem cycle_induction : forall (n:Z), (mu <= n)%Z -> forall (k:Z),
(0%Z <= k)%Z -> ((x (n + (lambda * k)%Z)%Z) = (x n)).
(* Why3 intros n h1 k h2. *)
(* YOU MAY EDIT THE PROOF BELOW *)
intros n hn.
apply natlike_ind.
ring_simplify (n + lambda * 0)%Z; auto.
intros.
unfold Zsucc.
replace (n + lambda * (x + 1))%Z with ((n+lambda*x)+lambda)%Z by ring.
replace (n + lambda * (x1 + 1))%Z with ((n+lambda*x1)+lambda)%Z by ring.
rewrite cycle; auto.
assert (0 <= lambda * x)%Z.
assert (0 <= lambda * x1)%Z.
apply Zmult_le_0_compat; (generalize lambda_range; omega).
omega.
Qed.
(* DO NOT EDIT BELOW *)
......@@ -2,23 +2,27 @@
<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
"http://why3.lri.fr/why3session.dtd">
<why3session shape_version="4">
<prover id="0" name="Coq" version="8.6" timelimit="10" steplimit="0" memlimit="0"/>
<prover id="0" name="Coq" version="8.6" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="2" name="Alt-Ergo" version="0.99.1" timelimit="10" steplimit="0" memlimit="0"/>
<file name="../tortoise_and_hare.mlw" expanded="true">
<theory name="TortoiseAndHare" sum="678b159d9bd73771a5d1163face6530f" expanded="true">
<goal name="cycle_induction" expanded="true">
<proof prover="0" edited="tortoise_and_hare_WP_TortoiseAndHare_cycle_induction_1.v"><result status="valid" time="0.35"/></proof>
<theory name="TortoiseAndHare" sum="7cea2bafc0941407491255aaac08300b" expanded="true">
<goal name="VC x0" expl="VC for x0">
<transf name="split_goal_wp">
</transf>
</goal>
<goal name="cycle_induction">
<proof prover="0" edited="tortoise_and_hare_WP_TortoiseAndHare_cycle_induction_1.v"><result status="valid" time="0.36"/></proof>
</goal>
<goal name="WP_parameter tortoise_hare" expl="VC for tortoise_hare" expanded="true">
<goal name="VC tortoise_hare" expl="VC for tortoise_hare" expanded="true">
<transf name="split_goal_wp" expanded="true">
<goal name="WP_parameter tortoise_hare.1" expl="1. loop invariant init" expanded="true">
<proof prover="2"><result status="valid" time="0.02" steps="24"/></proof>
<goal name="VC tortoise_hare.1" expl="1. loop invariant init">
<proof prover="2"><result status="valid" time="0.02" steps="102"/></proof>
</goal>
<goal name="WP_parameter tortoise_hare.2" expl="2. loop invariant preservation" expanded="true">
<proof prover="0" edited="tortoise_and_hare_WP_TortoiseAndHare_WP_parameter_tortoise_hare_2.v"><result status="valid" time="0.57"/></proof>
<goal name="VC tortoise_hare.2" expl="2. loop variant decrease" expanded="true">
<proof prover="0" edited="tortoise_and_hare_WP_TortoiseAndHare_WP_parameter_tortoise_hare_1.v" obsolete="true"><undone/></proof>
</goal>
<goal name="WP_parameter tortoise_hare.3" expl="3. loop variant decrease" expanded="true">
<proof prover="0" edited="tortoise_and_hare_WP_TortoiseAndHare_WP_parameter_tortoise_hare_1.v"><result status="valid" time="0.39"/></proof>
<goal name="VC tortoise_hare.3" expl="3. loop invariant preservation" expanded="true">
<proof prover="0" timelimit="10" memlimit="0" edited="tortoise_and_hare_WP_TortoiseAndHare_WP_parameter_tortoise_hare_2.v"><result status="unknown" time="0.27"/></proof>
</goal>
</transf>
</goal>
......
......@@ -4,15 +4,10 @@
<why3session shape_version="4">
<prover id="0" name="Alt-Ergo" version="0.99.1" timelimit="6" steplimit="0" memlimit="1000"/>
<prover id="1" name="CVC4" version="1.4" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="2" name="CVC3" version="2.4.1" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="3" name="Eprover" version="1.8-001" timelimit="6" steplimit="0" memlimit="1000"/>
<prover id="4" name="Vampire" version="0.6" timelimit="6" steplimit="0" memlimit="1000"/>
<prover id="5" name="Z3" version="4.2" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="6" name="Alt-Ergo" version="1.30" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="7" name="Yices" version="1.0.38" timelimit="5" steplimit="0" memlimit="1000"/>
<prover id="8" name="Z3" version="4.4.0" timelimit="5" steplimit="0" memlimit="1000"/>
<file name="../tree_height.mlw" expanded="true">
<theory name="HeightCPS" sum="56143ea961123bc30fc2b184c2952c02" expanded="true">
<theory name="HeightCPS" sum="1596efb5a30759311de415509f281b2a" expanded="true">
<goal name="VC height_cps" expl="VC for height_cps">
<proof prover="6"><result status="valid" time="0.00" steps="26"/></proof>
</goal>
......@@ -20,46 +15,11 @@
<proof prover="6"><result status="valid" time="0.00" steps="1"/></proof>
</goal>
<goal name="height_cps_correct" expanded="true">
<transf name="induction_ty_lex" expanded="true">
<goal name="height_cps_correct.1" expl="1." expanded="true">
<proof prover="0"><result status="unknown" time="0.00"/></proof>
<proof prover="1"><result status="unknown" time="0.01"/></proof>
<proof prover="2"><result status="unknown" time="0.02"/></proof>
<proof prover="3" timelimit="5"><internalfailure reason="Why3.Printer.UnknownPrinter(&quot;tptp-fof&quot;)"/></proof>
<proof prover="5"><result status="timeout" time="5.00"/></proof>
<proof prover="6"><result status="unknown" time="0.01"/></proof>
<proof prover="7"><result status="timeout" time="5.00"/></proof>
<proof prover="8"><result status="timeout" time="5.00"/></proof>
<transf name="split_goal_wp" expanded="true">
<goal name="height_cps_correct.1.1" expl="1." expanded="true">
<transf name="compute_in_goal" expanded="true">
<goal name="height_cps_correct.1.1.1" expl="1." expanded="true">
<proof prover="1"><result status="unknown" time="0.02"/></proof>
<proof prover="2"><result status="unknown" time="0.35"/></proof>
<proof prover="3" timelimit="5"><internalfailure reason="Why3.Printer.UnknownPrinter(&quot;tptp-fof&quot;)"/></proof>
<proof prover="5"><result status="timeout" time="5.00"/></proof>
<proof prover="6"><result status="timeout" time="5.01"/></proof>
<proof prover="7"><result status="unknown" time="1.91"/></proof>
<proof prover="8"><result status="timeout" time="5.00"/></proof>
</goal>
</transf>
</goal>
<goal name="height_cps_correct.1.2" expl="2." expanded="true">
<transf name="compute_in_goal" expanded="true">
<goal name="height_cps_correct.1.2.1" expl="1.">
</goal>
</transf>
</goal>
</transf>
</goal>
</transf>
</goal>
<goal name="height1_correct" expanded="true">
<proof prover="0"><result status="unknown" time="0.01"/></proof>
<proof prover="6"><result status="unknown" time="0.00"/></proof>
</goal>
</theory>
<theory name="Iteration" sum="d6b56da2821d62a146b19c957c33171b">
<theory name="Iteration" sum="afade23b6e0721562d822b490670f598" expanded="true">
<goal name="VC is_id" expl="VC for is_id">
<proof prover="6"><result status="valid" time="0.00" steps="1"/></proof>
</goal>
......@@ -76,29 +36,121 @@
<goal name="helper1">
<proof prover="0"><result status="valid" time="0.01" steps="1"/></proof>
</goal>
<goal name="sizew_nonneg">
<proof prover="3"><internalfailure reason="Why3.Printer.UnknownPrinter(&quot;tptp-fof&quot;)"/></proof>
<proof prover="6"><result status="unknown" time="0.01"/></proof>
<goal name="sizew_nonneg" expanded="true">
</goal>
<goal name="VC height1" expl="VC for height1">
<proof prover="6"><result status="unknown" time="0.23"/></proof>
<transf name="split_goal_wp">
<goal name="VC height1.1" expl="1. loop invariant init">
<proof prover="6"><result status="valid" time="0.00" steps="9"/></proof>
</goal>
<goal name="VC height1.2" expl="2. loop variant decrease">
<proof prover="6"><result status="valid" time="0.00" steps="13"/></proof>
</goal>
<goal name="VC height1.3" expl="3. loop invariant preservation">
<proof prover="6"><result status="valid" time="0.01" steps="25"/></proof>
</goal>
<goal name="VC height1.4" expl="4. loop variant decrease">
<proof prover="6"><result status="valid" time="0.01" steps="15"/></proof>
</goal>
<goal name="VC height1.5" expl="5. loop invariant preservation">
<proof prover="6"><result status="valid" time="0.01" steps="39"/></proof>
</goal>
<goal name="VC height1.6" expl="6. unreachable point">
<proof prover="6"><result status="valid" time="0.01" steps="33"/></proof>
</goal>
<goal name="VC height1.7" expl="7. loop variant decrease">
<proof prover="6"><result status="valid" time="0.01" steps="13"/></proof>
</goal>
<goal name="VC height1.8" expl="8. loop invariant preservation">
<proof prover="6"><result status="valid" time="0.01" steps="32"/></proof>
</goal>
<goal name="VC height1.9" expl="9. loop variant decrease">
<proof prover="6"><result status="valid" time="0.01" steps="15"/></proof>
</goal>
<goal name="VC height1.10" expl="10. loop invariant preservation">
<proof prover="6"><result status="valid" time="0.01" steps="41"/></proof>
</goal>
<goal name="VC height1.11" expl="11. loop variant decrease">
<proof prover="6"><result status="valid" time="0.01" steps="14"/></proof>
</goal>
<goal name="VC height1.12" expl="12. loop invariant preservation">
<proof prover="6"><result status="valid" time="0.01" steps="31"/></proof>
</goal>
<goal name="VC height1.13" expl="13. loop variant decrease">
<proof prover="6"><result status="valid" time="0.01" steps="13"/></proof>
</goal>
<goal name="VC height1.14" expl="14. loop invariant preservation">
<proof prover="6"><result status="valid" time="0.01" steps="30"/></proof>
</goal>
<goal name="VC height1.15" expl="15. loop variant decrease">
<proof prover="6"><result status="valid" time="0.01" steps="15"/></proof>
</goal>
<goal name="VC height1.16" expl="16. loop invariant preservation">
<proof prover="6"><result status="valid" time="0.01" steps="41"/></proof>
</goal>
<goal name="VC height1.17" expl="17. loop variant decrease">
<proof prover="6"><result status="valid" time="0.00" steps="14"/></proof>
</goal>
<goal name="VC height1.18" expl="18. loop invariant preservation">
<proof prover="6"><result status="valid" time="0.01" steps="26"/></proof>
</goal>
<goal name="VC height1.19" expl="19. unreachable point">
<proof prover="6"><result status="valid" time="0.01" steps="5"/></proof>
</goal>
<goal name="VC height1.20" expl="20. postcondition">
<transf name="inline_all">
<goal name="VC height1.20.1" expl="1. postcondition">
<proof prover="6"><result status="valid" time="0.01" steps="7"/></proof>
</goal>
</transf>
</goal>
</transf>
</goal>
</theory>
<theory name="HeightStack" sum="16545e1df7b824b57b76b29138cbebef">
<theory name="HeightStack" sum="664e0716691fa3052904de966df117f7">
<goal name="sizes_nonneg">
<transf name="induction_ty_lex">
<goal name="sizes_nonneg.1" expl="1.">
<proof prover="3"><internalfailure reason="Why3.Printer.UnknownPrinter(&quot;tptp-fof&quot;)"/></proof>
<proof prover="4" obsolete="true"><result status="valid" time="0.23"/></proof>
<proof prover="6"><result status="unknown" time="0.01"/></proof>
<proof prover="4"><result status="valid" time="0.23"/></proof>
</goal>
</transf>
</goal>
<goal name="VC height_stack" expl="VC for height_stack">
<proof prover="6"><result status="timeout" time="5.02"/></proof>
<transf name="split_goal_wp">
<goal name="VC height_stack.1" expl="1. variant decrease">
<proof prover="6"><result status="valid" time="0.01" steps="36"/></proof>
</goal>
<goal name="VC height_stack.2" expl="2. precondition">
<proof prover="6"><result status="valid" time="0.00" steps="9"/></proof>
</goal>
<goal name="VC height_stack.3" expl="3. variant decrease">
<proof prover="6"><result status="valid" time="0.01" steps="21"/></proof>
</goal>
<goal name="VC height_stack.4" expl="4. precondition">
<proof prover="6"><result status="valid" time="0.01" steps="5"/></proof>
</goal>
<goal name="VC height_stack.5" expl="5. postcondition">
<proof prover="6"><result status="valid" time="0.01" steps="26"/></proof>
</goal>
<goal name="VC height_stack.6" expl="6. postcondition">
<proof prover="1"><result status="valid" time="0.06"/></proof>
<proof prover="6"><result status="timeout" time="4.96"/></proof>
</goal>
<goal name="VC height_stack.7" expl="7. postcondition">
<proof prover="1"><result status="valid" time="0.10"/></proof>