mergesort_list: generic code, a bit of cleaning up

parent 981d11a6
(* Sorting a list of integers using mergesort *)
module M
module Elt
use import int.Int
use import list.Length
use import list.SortedInt
use import list.Append
use import list.Permut
use export int.Int
use export list.Length
use export list.Append
use export list.Permut
let split (l0 : list 'a)
type elt
predicate le elt elt
clone relations.TotalPreOrder with type t = elt, predicate rel = le
clone export list.Sorted with type t = elt, predicate le = le
end
module Merge
use export Elt
let rec merge (l1 l2: list elt) : list elt
requires { sorted l1 /\ sorted l2 }
ensures { sorted result /\ permut result (l1 ++ l2) }
variant { length l1 + length l2 }
= match l1, l2 with
| Nil, _ -> l2
| _, Nil -> l1
| Cons x1 r1, Cons x2 r2 ->
if le x1 x2 then Cons x1 (merge r1 l2) else Cons x2 (merge l1 r2)
end
end
(* TODO: proof to be completed
module EfficientMerge
use export Elt
use import list.Mem
use import list.Reverse
use import list.RevAppend
let rec merge_aux (acc l1 l2: list elt) : list elt
requires { sorted (reverse acc) /\ sorted l1 /\ sorted l2 }
requires { forall x y: elt. mem x acc -> mem y l1 -> le x y }
requires { forall x y: elt. mem x acc -> mem y l2 -> le x y }
ensures { sorted result /\ permut result (acc ++ l1 ++ l2) }
variant { length l1 + length l2 }
= match l1, l2 with
| Nil, _ -> rev_append acc l2
| _, Nil -> rev_append acc l1
| Cons x1 r1, Cons x2 r2 ->
if le x1 x2 then merge_aux (Cons x1 acc) r1 l2
else merge_aux (Cons x2 acc) l1 r2
end
let merge (l1 l2: list elt) : list elt
requires { sorted l1 /\ sorted l2 }
ensures { sorted result /\ permut result (l1 ++ l2) }
=
merge_aux Nil l1 l2
end
*)
module Mergesort
use import Merge
let split (l0: list 'a) : (list 'a, list 'a)
requires { length l0 >= 2 }
ensures { let (l1, l2) = result in
ensures { let (l1, l2) = result in
1 <= length l1 /\ 1 <= length l2 /\ permut l0 (l1 ++ l2) }
= let rec split_aux (l1 : list 'a) l2 l variant { length l }
= let rec split_aux (l1 l2 l: list 'a) : (list 'a, list 'a)
requires { length l2 = length l1 \/ length l2 = length l1 + 1 }
ensures { let r1, r2 = result in
ensures { let r1, r2 = result in
(length r2 = length r1 \/ length r2 = length r1 + 1) /\
permut (r1 ++ r2) (l1 ++ (l2 ++ l)) }
variant { length l }
= match l with
| Nil -> (l1, l2)
| Cons x r -> split_aux l2 (Cons x l1) r
......@@ -25,18 +84,9 @@ module M
in
split_aux Nil Nil l0
let rec merge l1 l2 variant { length l1 + length l2 }
requires { sorted l1 /\ sorted l2 }
ensures { sorted result /\ permut result (l1 ++ l2) }
= match l1, l2 with
| Nil, _ -> l2
| _, Nil -> l1
| Cons x1 r1, Cons x2 r2 ->
if x1 <= x2 then Cons x1 (merge r1 l2) else Cons x2 (merge l1 r2)
end
let rec mergesort l variant { length l }
let rec mergesort (l: list elt) : list elt
ensures { sorted result /\ permut result l }
variant { length l }
= match l with
| Nil | Cons _ Nil -> l
| _ -> let l1, l2 = split l in merge (mergesort l1) (mergesort l2)
......
......@@ -4,296 +4,1271 @@
<prover
id="0"
name="Alt-Ergo"
version="0.95.1"/>
version="0.95.2"/>
<prover
id="1"
name="Alt-Ergo"
version="0.95.2"/>
name="CVC4"
version="1.3"/>
<prover
id="2"
name="CVC3"
version="2.4.1"/>
name="Spass"
version="3.7"/>
<prover
id="3"
name="CVC4"
version="1.3"/>
<prover
id="4"
name="Z3"
version="2.19"/>
version="4.3.1"/>
<file
name="../mergesort_list.mlw"
verified="true"
verified="false"
expanded="true">
<theory
name="M"
name="Elt"
locfile="../mergesort_list.mlw"
loclnum="4" loccnumb="7" loccnume="8"
loclnum="4" loccnumb="7" loccnume="10"
verified="true"
expanded="true">
expanded="false">
</theory>
<theory
name="Merge"
locfile="../mergesort_list.mlw"
loclnum="18" loccnumb="7" loccnume="12"
verified="true"
expanded="false">
<goal
name="WP_parameter split"
name="WP_parameter merge"
locfile="../mergesort_list.mlw"
loclnum="12" loccnumb="6" loccnume="11"
expl="VC for split"
sum="0451da024cb8b7e0d8b2abb9b70c5bcd"
loclnum="22" loccnumb="10" loccnume="15"
expl="VC for merge"
sum="bcc530b771220654e0203ca312545478"
proved="true"
expanded="true"
shape="apermutV0ainfix ++V3V4Aainfix &lt;=c1alengthV4Aainfix &lt;=c1alengthV3Iapermutainfix ++V3V4ainfix ++V2ainfix ++V1V0Aainfix =alengthV4ainfix +alengthV3c1Oainfix =alengthV4alengthV3FAainfix =alengthV1ainfix +alengthV2c1Oainfix =alengthV1alengthV2LaNilLaNilACapermutainfix ++V5V6ainfix ++V5ainfix ++V6V7Aainfix =alengthV6ainfix +alengthV5c1Oainfix =alengthV6alengthV5aNilapermutainfix ++V11V12ainfix ++V5ainfix ++V6V7Aainfix =alengthV12ainfix +alengthV11c1Oainfix =alengthV12alengthV11Iapermutainfix ++V11V12ainfix ++V6ainfix ++V10V9Aainfix =alengthV12ainfix +alengthV11c1Oainfix =alengthV12alengthV11FAainfix =alengthV10ainfix +alengthV6c1Oainfix =alengthV10alengthV6Aainfix &lt;alengthV9alengthV7Aainfix &lt;=c0alengthV7LaConsV8V5aConsVVV7Iainfix =alengthV6ainfix +alengthV5c1Oainfix =alengthV6alengthV5FIainfix &gt;=alengthV0c2F">
expanded="false"
shape="CCiapermutV7ainfix ++V0V1AasortedV7LaConsV2V6IapermutV6ainfix ++V0V3AasortedV6FAasortedV3AasortedV0Aainfix &lt;ainfix +alengthV0alengthV3ainfix +alengthV0alengthV1Aainfix &lt;=c0ainfix +alengthV0alengthV1apermutV9ainfix ++V0V1AasortedV9LaConsV4V8IapermutV8ainfix ++V5V1AasortedV8FAasortedV1AasortedV5Aainfix &lt;ainfix +alengthV5alengthV1ainfix +alengthV0alengthV1Aainfix &lt;=c0ainfix +alengthV0alengthV1aleV4V2aConsVVapermutV1ainfix ++V0V1AasortedV1aNilV0aConsVVCapermutV1ainfix ++V0V1AasortedV1aNilapermutV0ainfix ++V0V1AasortedV0wV0aNilV1IasortedV1AasortedV0F">
<label
name="expl:VC for split"/>
name="expl:VC for merge"/>
<transf
name="split_goal"
name="split_goal_wp"
proved="true"
expanded="true">
expanded="false">
<goal
name="WP_parameter split.1"
name="WP_parameter merge.1"
locfile="../mergesort_list.mlw"
loclnum="12" loccnumb="6" loccnume="11"
expl="1. postcondition"
sum="13380df448911466443e653434ed9083"
loclnum="22" loccnumb="10" loccnume="15"
expl="1. variant decrease"
sum="5df9ba86198a60d432f773534c767b8f"
proved="true"
expanded="true"
shape="postconditionCapermutainfix ++V1V2ainfix ++V1ainfix ++V2V3Aainfix =alengthV2ainfix +alengthV1c1Oainfix =alengthV2alengthV1aNiltaConsVVV3Iainfix =alengthV2ainfix +alengthV1c1Oainfix =alengthV2alengthV1FIainfix &gt;=alengthV0c2F">
expanded="false"
shape="variant decreaseCCainfix &lt;ainfix +alengthV5alengthV1ainfix +alengthV0alengthV1Aainfix &lt;=c0ainfix +alengthV0alengthV1IaleV4V2aConsVVtaNilV0aConsVVtaNilV1IasortedV1AasortedV0F">
<label
name="expl:VC for split"/>
name="expl:VC for merge"/>
<proof
prover="0"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.01"/>
</proof>
</goal>
<goal
name="WP_parameter merge.2"
locfile="../mergesort_list.mlw"
loclnum="22" loccnumb="10" loccnume="15"
expl="2. precondition"
sum="4ae258590f66696f0ab3d54283456489"
proved="true"
expanded="false"
shape="preconditionCCasortedV1AasortedV5IaleV4V2aConsVVtaNilV0aConsVVtaNilV1IasortedV1AasortedV0F">
<label
name="expl:VC for merge"/>
<proof
prover="0"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.02"/>
</proof>
</goal>
<goal
name="WP_parameter merge.3"
locfile="../mergesort_list.mlw"
loclnum="22" loccnumb="10" loccnume="15"
expl="3. postcondition"
sum="f4299b5bee18b2fc1f791bb180156f7c"
proved="true"
expanded="false"
shape="postconditionCCapermutV7ainfix ++V0V1AasortedV7LaConsV4V6IapermutV6ainfix ++V5V1AasortedV6FIasortedV1AasortedV5IaleV4V2aConsVVtaNilV0aConsVVtaNilV1IasortedV1AasortedV0F">
<label
name="expl:VC for merge"/>
<proof
prover="1"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="2.50"/>
</proof>
</goal>
<goal
name="WP_parameter merge.4"
locfile="../mergesort_list.mlw"
loclnum="22" loccnumb="10" loccnume="15"
expl="4. variant decrease"
sum="af169bc151538171f120db6b81c97dd9"
proved="true"
expanded="false"
shape="variant decreaseCCainfix &lt;ainfix +alengthV0alengthV3ainfix +alengthV0alengthV1Aainfix &lt;=c0ainfix +alengthV0alengthV1INaleV4V2aConsVVtaNilV0aConsVVtaNilV1IasortedV1AasortedV0F">
<label
name="expl:VC for merge"/>
<proof
prover="0"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.01"/>
</proof>
</goal>
<goal
name="WP_parameter merge.5"
locfile="../mergesort_list.mlw"
loclnum="22" loccnumb="10" loccnume="15"
expl="5. precondition"
sum="41354b8776e9aadb7fa72845798610d2"
proved="true"
expanded="false"
shape="preconditionCCasortedV3AasortedV0INaleV4V2aConsVVtaNilV0aConsVVtaNilV1IasortedV1AasortedV0F">
<label
name="expl:VC for merge"/>
<proof
prover="0"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.02"/>
</proof>
</goal>
<goal
name="WP_parameter merge.6"
locfile="../mergesort_list.mlw"
loclnum="22" loccnumb="10" loccnume="15"
expl="6. postcondition"
sum="2ff8998cdfd9b6433e4630e6a7eac102"
proved="true"
expanded="false"
shape="postconditionCCapermutV7ainfix ++V0V1AasortedV7LaConsV2V6IapermutV6ainfix ++V0V3AasortedV6FIasortedV3AasortedV0INaleV4V2aConsVVtaNilV0aConsVVtaNilV1IasortedV1AasortedV0F">
<label
name="expl:VC for merge"/>
<proof
prover="1"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="2.93"/>
</proof>
</goal>
<goal
name="WP_parameter merge.7"
locfile="../mergesort_list.mlw"
loclnum="22" loccnumb="10" loccnume="15"
expl="7. postcondition"
sum="124b45d68ef43852ecc21eccfc50a61c"
proved="true"
expanded="false"
shape="postconditionCCtaConsVVapermutV1ainfix ++V0V1AasortedV1aNilV0aConsVVtaNilV1IasortedV1AasortedV0F">
<label
name="expl:VC for merge"/>
<proof
prover="0"
timelimit="10"
memlimit="0"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.00"/>
</proof>
<proof
prover="1"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.05"/>
</proof>
<proof
prover="3"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.03"/>
</proof>
</goal>
<goal
name="WP_parameter split.2"
name="WP_parameter merge.8"
locfile="../mergesort_list.mlw"
loclnum="12" loccnumb="6" loccnume="11"
expl="2. variant decrease"
sum="f6f1023637177c8a720b5bf036c7b009"
loclnum="22" loccnumb="10" loccnume="15"
expl="8. postcondition"
sum="e648365f0679a76aa862ad4d11648885"
proved="true"
expanded="true"
shape="variant decreaseCtaNilainfix &lt;alengthV5alengthV3Aainfix &lt;=c0alengthV3LaConsV4V1aConsVVV3Iainfix =alengthV2ainfix +alengthV1c1Oainfix =alengthV2alengthV1FIainfix &gt;=alengthV0c2F">
expanded="false"
shape="postconditionCtaConsVVCapermutV1ainfix ++V0V1AasortedV1aNiltwV0aNilV1IasortedV1AasortedV0F">
<label
name="expl:VC for split"/>
name="expl:VC for merge"/>
<proof
prover="0"
timelimit="15"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.01"/>
</proof>
<proof
prover="1"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.04"/>
</proof>
<proof
prover="3"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.02"/>
</proof>
</goal>
<goal
name="WP_parameter split.3"
name="WP_parameter merge.9"
locfile="../mergesort_list.mlw"
loclnum="12" loccnumb="6" loccnume="11"
expl="3. precondition"
sum="d660367c6a5e3be2f58e112e3ede2caa"
loclnum="22" loccnumb="10" loccnume="15"
expl="9. postcondition"
sum="64800f09a57b78755d3cd8079cc5e843"
proved="true"
expanded="true"
shape="preconditionCtaNilainfix =alengthV6ainfix +alengthV2c1Oainfix =alengthV6alengthV2LaConsV4V1aConsVVV3Iainfix =alengthV2ainfix +alengthV1c1Oainfix =alengthV2alengthV1FIainfix &gt;=alengthV0c2F">
expanded="false"
shape="postconditionCtaConsVVCtaNilapermutV0ainfix ++V0V1AasortedV0wV0aNilV1IasortedV1AasortedV0F">
<label
name="expl:VC for split"/>
name="expl:VC for merge"/>
<proof
prover="0"
timelimit="10"
memlimit="0"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.01"/>
</proof>
<proof
prover="1"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.05"/>
</proof>
<proof
prover="3"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.03"/>
</proof>
</goal>
</transf>
</goal>
</theory>
<theory
name="EfficientMerge"
locfile="../mergesort_list.mlw"
loclnum="35" loccnumb="7" loccnume="21"
verified="false"
expanded="true">
<goal
name="WP_parameter merge_aux"
locfile="../mergesort_list.mlw"
loclnum="42" loccnumb="10" loccnume="19"
expl="VC for merge_aux"
sum="7aa8ac096566545e8d53fdfcc017adea"
proved="false"
expanded="true"
shape="CCiapermutV8ainfix ++ainfix ++V0V1V2AasortedV8IapermutV8ainfix ++ainfix ++V7V1V4AasortedV8FAaleV9V10IamemV10V4IamemV9V7FAaleV11V12IamemV12V1IamemV11V7FAasortedV4AasortedV1AasortedareverseV7Aainfix &lt;ainfix +alengthV1alengthV4ainfix +alengthV1alengthV2Aainfix &lt;=c0ainfix +alengthV1alengthV2LaConsV3V0apermutV14ainfix ++ainfix ++V0V1V2AasortedV14IapermutV14ainfix ++ainfix ++V13V6V2AasortedV14FAaleV15V16IamemV16V2IamemV15V13FAaleV17V18IamemV18V6IamemV17V13FAasortedV2AasortedV6AasortedareverseV13Aainfix &lt;ainfix +alengthV6alengthV2ainfix +alengthV1alengthV2Aainfix &lt;=c0ainfix +alengthV1alengthV2LaConsV5V0aleV5V3aConsVVapermutV19ainfix ++ainfix ++V0V1V2AasortedV19Larev_appendV0V2aNilV1aConsVVCapermutV20ainfix ++ainfix ++V0V1V2AasortedV20Larev_appendV0V2aNilapermutV21ainfix ++ainfix ++V0V1V2AasortedV21Larev_appendV0V1wV1aNilV2IaleV22V23IamemV23V2IamemV22V0FAaleV24V25IamemV25V1IamemV24V0FAasortedV2AasortedV1AasortedareverseV0F">
<label
name="expl:VC for merge_aux"/>
<transf
name="split_goal_wp"
proved="false"
expanded="true">
<goal
name="WP_parameter split.4"
name="WP_parameter merge_aux.1"
locfile="../mergesort_list.mlw"
loclnum="12" loccnumb="6" loccnume="11"
expl="4. postcondition"
sum="cc2c23c2d3c740650fbe3a0f8589be47"
loclnum="42" loccnumb="10" loccnume="19"
expl="1. variant decrease"
sum="96d153782c1d86f89d19d6c0e68997f5"
proved="true"
expanded="true"
shape="postconditionCtaNilapermutainfix ++V7V8ainfix ++V1ainfix ++V2V3Aainfix =alengthV8ainfix +alengthV7c1Oainfix =alengthV8alengthV7Iapermutainfix ++V7V8ainfix ++V2ainfix ++V6V5Aainfix =alengthV8ainfix +alengthV7c1Oainfix =alengthV8alengthV7FIainfix =alengthV6ainfix +alengthV2c1Oainfix =alengthV6alengthV2LaConsV4V1aConsVVV3Iainfix =alengthV2ainfix +alengthV1c1Oainfix =alengthV2alengthV1FIainfix &gt;=alengthV0c2F">
expanded="false"
shape="variant decreaseCCainfix &lt;ainfix +alengthV6alengthV2ainfix +alengthV1alengthV2Aainfix &lt;=c0ainfix +alengthV1alengthV2LaConsV5V0IaleV5V3aConsVVtaNilV1aConsVVtaNilV2IaleV8V9IamemV9V2IamemV8V0FAaleV10V11IamemV11V1IamemV10V0FAasortedV2AasortedV1AasortedareverseV0F">
<label
name="expl:VC for split"/>
name="expl:VC for merge_aux"/>
<proof
prover="0"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.03"/>
</proof>
</goal>
<goal
name="WP_parameter merge_aux.2"
locfile="../mergesort_list.mlw"
loclnum="42" loccnumb="10" loccnume="19"
expl="2. precondition"
sum="35e1b516edf555cde8c5d66f72fab404"
proved="false"
expanded="false"
shape="preconditionCCasortedV2AasortedV6AasortedareverseV7LaConsV5V0IaleV5V3aConsVVtaNilV1aConsVVtaNilV2IaleV8V9IamemV9V2IamemV8V0FAaleV10V11IamemV11V1IamemV10V0FAasortedV2AasortedV1AasortedareverseV0F">
<label
name="expl:VC for merge_aux"/>
<proof
prover="0"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="timeout" time="9.98"/>
</proof>
<proof
prover="1"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="timeout" time="10.01"/>
</proof>
<proof
prover="3"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="timeout" time="9.98"/>
</proof>
<transf
name="split_goal"
proved="true"
expanded="true">
name="split_goal_wp"
proved="false"
expanded="false">
<goal
name="WP_parameter split.4.1"
name="WP_parameter merge_aux.2.1"
locfile="../mergesort_list.mlw"
loclnum="12" loccnumb="6" loccnume="11"
loclnum="42" loccnumb="10" loccnume="19"
expl="1."
sum="3919efc343fee3aa3a31e07f4e9e368a"
proved="true"
expanded="true"
shape="CtaNilainfix =alengthV8ainfix +alengthV7c1Oainfix =alengthV8alengthV7Iapermutainfix ++V7V8ainfix ++V2ainfix ++V6V5Aainfix =alengthV8ainfix +alengthV7c1Oainfix =alengthV8alengthV7FIainfix =alengthV6ainfix +alengthV2c1Oainfix =alengthV6alengthV2LaConsV4V1aConsVVV3Iainfix =alengthV2ainfix +alengthV1c1Oainfix =alengthV2alengthV1FIainfix &gt;=alengthV0c2F">
sum="6f89828874e2df29d860d581e1fd00fa"
proved="false"
expanded="false"
shape="CCasortedareverseV7LaConsV5V0IaleV5V3aConsVVtaNilV1aConsVVtaNilV2IaleV8V9IamemV9V2IamemV8V0FAaleV10V11IamemV11V1IamemV10V0FAasortedV2AasortedV1AasortedareverseV0F">
<label
name="expl:VC for split"/>
name="expl:VC for merge_aux"/>
<proof
prover="0"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="timeout" time="9.97"/>
</proof>
<proof
prover="2"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="timeout" time="10.03"/>
</proof>
<proof
prover="3"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="timeout" time="9.98"/>
</proof>
</goal>
<goal
name="WP_parameter merge_aux.2.2"
locfile="../mergesort_list.mlw"
loclnum="42" loccnumb="10" loccnume="19"
expl="2."
sum="59bfb0b7e9e211882103a631fe0624a6"
proved="true"
expanded="false"
shape="CCasortedV6LaConsV5V0IaleV5V3aConsVVtaNilV1aConsVVtaNilV2IaleV8V9IamemV9V2IamemV8V0FAaleV10V11IamemV11V1IamemV10V0FAasortedV2AasortedV1AasortedareverseV0F">
<label
name="expl:VC for merge_aux"/>
<proof
prover="0"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.02"/>
</proof>
</goal>
<goal
name="WP_parameter merge_aux.2.3"
locfile="../mergesort_list.mlw"
loclnum="42" loccnumb="10" loccnume="19"
expl="3."
sum="72452b7cb70c106cba0e8c814894c661"
proved="true"
expanded="false"
shape="CCasortedV2LaConsV5V0IaleV5V3aConsVVtaNilV1aConsVVtaNilV2IaleV8V9IamemV9V2IamemV8V0FAaleV10V11IamemV11V1IamemV10V0FAasortedV2AasortedV1AasortedareverseV0F">
<label
name="expl:VC for merge_aux"/>
<proof
prover="0"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.03"/>
</proof>
</goal>
</transf>
</goal>
<goal
name="WP_parameter merge_aux.3"
locfile="../mergesort_list.mlw"
loclnum="42" loccnumb="10" loccnume="19"
expl="3. precondition"
sum="a69122c76226808ef881435e34fa6b70"
proved="true"
expanded="false"
shape="preconditionCCaleV8V9IamemV9V6IamemV8V7FLaConsV5V0IaleV5V3aConsVVtaNilV1aConsVVtaNilV2IaleV10V11IamemV11V2IamemV10V0FAaleV12V13IamemV13V1IamemV12V0FAasortedV2AasortedV1AasortedareverseV0F">
<label
name="expl:VC for merge_aux"/>
<proof
prover="0"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.11"/>
</proof>
</goal>
<goal
name="WP_parameter merge_aux.4"
locfile="../mergesort_list.mlw"
loclnum="42" loccnumb="10" loccnume="19"
expl="4. precondition"
sum="2caeb3bc8ef4451fa23dda87cd41960e"
proved="true"
expanded="false"
shape="preconditionCCaleV8V9IamemV9V2IamemV8V7FLaConsV5V0IaleV5V3aConsVVtaNilV1aConsVVtaNilV2IaleV10V11IamemV11V2IamemV10V0FAaleV12V13IamemV13V1IamemV12V0FAasortedV2AasortedV1AasortedareverseV0F">
<label
name="expl:VC for merge_aux"/>
<proof
prover="0"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="timeout" time="9.97"/>
</proof>
<proof
prover="1"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.59"/>
</proof>
<proof
prover="3"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="1.06"/>
</proof>
</goal>
<goal
name="WP_parameter merge_aux.5"
locfile="../mergesort_list.mlw"
loclnum="42" loccnumb="10" loccnume="19"
expl="5. postcondition"
sum="e123d7ec0707f080238b1bd734003280"
proved="true"
expanded="false"
shape="postconditionCCapermutV8ainfix ++ainfix ++V0V1V2AasortedV8IapermutV8ainfix ++ainfix ++V7V6V2AasortedV8FIaleV9V10IamemV10V2IamemV9V7FAaleV11V12IamemV12V6IamemV11V7FAasortedV2AasortedV6AasortedareverseV7LaConsV5V0IaleV5V3aConsVVtaNilV1aConsVVtaNilV2IaleV13V14IamemV14V2IamemV13V0FAaleV15V16IamemV16V1IamemV15V0FAasortedV2AasortedV1AasortedareverseV0F">
<label
name="expl:VC for merge_aux"/>
<proof
prover="0"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="2.37"/>
</proof>
</goal>
<goal
name="WP_parameter merge_aux.6"
locfile="../mergesort_list.mlw"
loclnum="42" loccnumb="10" loccnume="19"
expl="6. variant decrease"
sum="8b1b8f97702cf87cfc175e437c349527"
proved="true"
expanded="false"
shape="variant decreaseCCainfix &lt;ainfix +alengthV1alengthV4ainfix +alengthV1alengthV2Aainfix &lt;=c0ainfix +alengthV1alengthV2LaConsV3V0INaleV5V3aConsVVtaNilV1aConsVVtaNilV2IaleV8V9IamemV9V2IamemV8V0FAaleV10V11IamemV11V1IamemV10V0FAasortedV2AasortedV1AasortedareverseV0F">
<label
name="expl:VC for merge_aux"/>
<proof
prover="0"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="valid" time="0.02"/>
</proof>
</goal>
<goal
name="WP_parameter merge_aux.7"
locfile="../mergesort_list.mlw"
loclnum="42" loccnumb="10" loccnume="19"
expl="7. precondition"
sum="72da5f5624de86714538f860c2f77cb0"
proved="false"
expanded="false"
shape="preconditionCCasortedV4AasortedV1AasortedareverseV7LaConsV3V0INaleV5V3aConsVVtaNilV1aConsVVtaNilV2IaleV8V9IamemV9V2IamemV8V0FAaleV10V11IamemV11V1IamemV10V0FAasortedV2AasortedV1AasortedareverseV0F">
<label
name="expl:VC for merge_aux"/>
<proof
prover="0"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="timeout" time="9.98"/>
</proof>
<proof
prover="1"
timelimit="10"
memlimit="1000"
obsolete="false"
archived="false">
<result status="timeout" time="10.01"/>
</proof>
<proof
prover="3"