Commit 927e6350 authored by Jonathan Moerman's avatar Jonathan Moerman

Prove avrmodel using 1 additional axiom

parent da1032e3
......@@ -403,6 +403,7 @@ let adiw (dst: register) (k: int): unit
ensures { ?cf*pow2 16 + uint 2 reg dst = old (uint 2 reg dst + k) }
= let sum = Map.get reg.data dst + 256*Map.get reg.data (dst+1) +k in
reg.data <- data_set reg.data dst (mod sum 256);
assert { mod sum 256 = mod (old (reg[dst] + k)) 256 };
reg.data <- data_set reg.data (dst+1) (mod (div sum 256) 256);
cf.value <- (sum > 65535)
......@@ -427,6 +428,8 @@ use bv.BV8
val bv8_to_int (x: BV8.t): int
ensures { result = BV8.t'int x }
axiom bv8_nth_def: forall x y. BV8.nth (BV8.of_int x) y <-> mod (div x (pow2 y)) 2 = 1
let add_ (dst src: register): unit
writes { reg, cf }
......
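Review bot: The new `bv8_nth_def` axiom in the second hunk quantifies over every integer `x` and `y` with no range guard, and because it is an `axiom` it is assumed rather than proved, so the `proved="true"` results in the session rest on it without checking it. For `y >= 8` or `x` outside 0..255 the right-hand side can still hold (for example x = 256, y = 8). If the bv library fixes `nth` to false for out-of-range indices, which I believe it does but have not confirmed here, the axiom would be inconsistent and every goal would become provable. I would bound it, `axiom bv8_nth_def: forall x y. 0 <= x < 256 -> 0 <= y < 8 -> (BV8.nth (BV8.of_int x) y <-> mod (div x (pow2 y)) 2 = 1)`, or better declare it as a `lemma` so the provers have to discharge it. A one-line comment above it, saying why it is trusted and which goals need it, would help the next reader judge the trusted base of the model.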
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE why3session PUBLIC "-//Why3//proof session v5//EN"
"http://why3.lri.fr/why3session.dtd">
<why3session shape_version="4">
<prover id="0" name="CVC3" version="2.4.1" timelimit="13" steplimit="1" memlimit="1000"/>
<prover id="2" name="CVC4" version="1.4" timelimit="13" steplimit="1" memlimit="1000"/>
<prover id="3" name="CVC4" version="1.5" timelimit="13" steplimit="0" memlimit="1000"/>
<prover id="4" name="Alt-Ergo" version="2.0.0" timelimit="13" steplimit="1" memlimit="1000"/>
<prover id="5" name="CVC4" version="1.4" alternative="noBV" timelimit="13" steplimit="1" memlimit="1000"/>
<file name="../avrmodel.mlw">
<theory name="AVRint" sum="b263d2793d6b4d719244c500d148f089">
<goal name="WP_parameter prefix ?" expl="VC for prefix ?">
<proof prover="4"><result status="valid" time="0.02" steps="70"/></proof>
<why3session shape_version="5">
<prover id="0" name="CVC3" version="2.4.1" timelimit="13" steplimit="0" memlimit="1000"/>
<prover id="2" name="CVC4" version="1.4" timelimit="13" steplimit="0" memlimit="1000"/>
<prover id="3" name="CVC4" version="1.5" timelimit="1" steplimit="0" memlimit="1000"/>
<prover id="4" name="Alt-Ergo" version="2.0.0" timelimit="13" steplimit="0" memlimit="1000"/>
<prover id="5" name="CVC4" version="1.4" alternative="noBV" timelimit="13" steplimit="0" memlimit="1000"/>
<prover id="6" name="CVC4" version="1.5" alternative="noBV" timelimit="60" steplimit="0" memlimit="12000"/>
<prover id="7" name="CVC4" version="1.6" alternative="noBV" timelimit="60" steplimit="0" memlimit="12000"/>
<prover id="8" name="CVC4" version="1.6" timelimit="60" steplimit="0" memlimit="12000"/>
<file proved="true">
<path name=".."/>
<path name="avrmodel.mlw"/>
<theory name="AVRint" proved="true">
<goal name="VC prefix ?" expl="VC for prefix ?" proved="true">
<proof prover="3"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="VC address_space_exists" expl="VC for address_space_exists" proved="true">
<proof prover="3"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="VC address_space" expl="VC for address_space" proved="true">
<proof prover="3"><result status="valid" time="0.01"/></proof>
</goal>
<goal name="VC mixfix [&lt;-]" expl="VC for mixfix [&lt;-]" proved="true">
<proof prover="3"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="VC get_uint_term" expl="VC for get_uint_term" proved="true">
<proof prover="3"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="VC uint_sum" expl="VC for uint_sum" proved="true">
<proof prover="3"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="B.Sum_def_empty" proved="true">
<proof prover="2"><result status="valid" time="0.01"/></proof>
</goal>
<goal name="B.Sum_def_non_empty" proved="true">
<proof prover="4"><result status="valid" time="0.01" steps="69"/></proof>
</goal>
<goal name="VC mov" expl="VC for mov" proved="true">
<proof prover="3"><result status="valid" time="0.08"/></proof>
</goal>
<goal name="VC mul" expl="VC for mul" proved="true">
<transf name="split_all_full" proved="true" >
<goal name="VC mul.0" expl="precondition" proved="true">
<proof prover="3"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="VC mul.1" expl="precondition" proved="true">
<proof prover="3"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="VC mul.2" expl="precondition" proved="true">
<proof prover="4" timelimit="1"><result status="valid" time="0.01" steps="68"/></proof>
</goal>
<goal name="VC mul.3" expl="type invariant" proved="true">
<proof prover="3"><result status="valid" time="0.07"/></proof>
</goal>
<goal name="VC mul.4" expl="postcondition" proved="true">
<proof prover="4" timelimit="1"><result status="valid" time="0.36" steps="268"/></proof>
</goal>
<goal name="VC mul.5" expl="postcondition" proved="true">
<proof prover="4" timelimit="1"><result status="valid" time="0.56" steps="190"/></proof>
</goal>
</transf>
</goal>
<goal name="VC add" expl="VC for add" proved="true">
<proof prover="3"><result status="valid" time="0.10"/></proof>
</goal>
<goal name="VC adc" expl="VC for adc" proved="true">
<proof prover="3"><result status="valid" time="0.08"/></proof>
</goal>
<goal name="WP_parameter mov" expl="VC for mov">
<proof prover="4"><result status="valid" time="0.07" steps="83"/></proof>
<goal name="VC sub" expl="VC for sub" proved="true">
<proof prover="3"><result status="valid" time="0.08"/></proof>
</goal>
<goal name="WP_parameter mul" expl="VC for mul">
<proof prover="4"><result status="valid" time="1.34" steps="255"/></proof>
<goal name="VC sbc" expl="VC for sbc" proved="true">
<proof prover="3"><result status="valid" time="0.06"/></proof>
</goal>
<goal name="WP_parameter add" expl="VC for add">
<proof prover="4"><result status="valid" time="1.36" steps="339"/></proof>
<goal name="VC neg" expl="VC for neg" proved="true">
<proof prover="3"><result status="valid" time="0.06"/></proof>
</goal>
<goal name="WP_parameter adc" expl="VC for adc">
<proof prover="4"><result status="valid" time="0.66" steps="167"/></proof>
<goal name="VC subi" expl="VC for subi" proved="true">
<proof prover="3"><result status="valid" time="0.06"/></proof>
</goal>
<goal name="WP_parameter sub" expl="VC for sub">
<proof prover="4"><result status="valid" time="0.59" steps="176"/></proof>
<goal name="VC sbci" expl="VC for sbci" proved="true">
<proof prover="3"><result status="valid" time="0.07"/></proof>
</goal>
<goal name="WP_parameter sbc" expl="VC for sbc">
<proof prover="4"><result status="valid" time="0.40" steps="158"/></proof>
<goal name="VC inc" expl="VC for inc" proved="true">
<proof prover="3"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="WP_parameter neg" expl="VC for neg">
<transf name="split_goal_wp">
<goal name="WP_parameter neg.1" expl="assertion">
<proof prover="4" steplimit="0"><result status="valid" time="0.05" steps="74"/></proof>
<goal name="VC dec" expl="VC for dec" proved="true">
<proof prover="3"><result status="valid" time="0.04"/></proof>
</goal>
<goal name="VC ld_inc" expl="VC for ld_inc" proved="true">
<transf name="split_all_full" proved="true" >
<goal name="VC ld_inc.0" expl="precondition" proved="true">
<proof prover="3"><result status="valid" time="0.01"/></proof>
</goal>
<goal name="VC ld_inc.1" expl="precondition" proved="true">
<proof prover="3"><result status="valid" time="0.02"/></proof>
</goal>
<goal name="VC ld_inc.2" expl="precondition" proved="true">
<proof prover="3"><result status="valid" time="0.01"/></proof>
</goal>
<goal name="WP_parameter neg.2" expl="type invariant">
<proof prover="4" steplimit="0"><result status="valid" time="0.09" steps="98"/></proof>
<goal name="VC ld_inc.3" expl="type invariant" proved="true">
<proof prover="4" timelimit="1"><result status="valid" time="0.14" steps="134"/></proof>
</goal>
<goal name="WP_parameter neg.3" expl="postcondition">
<proof prover="4" steplimit="0"><result status="valid" time="0.02" steps="69"/></proof>
<goal name="VC ld_inc.4" expl="postcondition" proved="true">
<proof prover="4" timelimit="5" memlimit="2000"><result status="valid" time="2.41" steps="1372"/></proof>
</goal>
<goal name="VC ld_inc.5" expl="postcondition" proved="true">
<proof prover="4" timelimit="5" memlimit="2000"><result status="valid" time="4.44" steps="1654"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter subi" expl="VC for subi">
<proof prover="4" steplimit="-1"><result status="valid" time="0.59" steps="208"/></proof>
</goal>
<goal name="WP_parameter sbci" expl="VC for sbci">
<proof prover="4"><result status="valid" time="0.31" steps="140"/></proof>
</goal>
<goal name="WP_parameter inc" expl="VC for inc">
<proof prover="4"><result status="valid" time="0.11" steps="84"/></proof>
</goal>
<goal name="WP_parameter dec" expl="VC for dec">
<proof prover="4"><result status="valid" time="0.12" steps="84"/></proof>
</goal>
<goal name="WP_parameter ld_inc" expl="VC for ld_inc">
<proof prover="0" steplimit="-1"><result status="valid" time="5.46"/></proof>
</goal>
<goal name="WP_parameter ldd" expl="VC for ldd">
<proof prover="4"><result status="valid" time="0.28" steps="173"/></proof>
<goal name="VC ldd" expl="VC for ldd" proved="true">
<proof prover="4"><result status="valid" time="0.40" steps="443"/></proof>
</goal>
<goal name="WP_parameter std" expl="VC for std">
<proof prover="4"><result status="valid" time="0.30" steps="176"/></proof>
<goal name="VC std" expl="VC for std" proved="true">
<proof prover="4"><result status="valid" time="0.29" steps="412"/></proof>
</goal>
<goal name="WP_parameter push" expl="VC for push">
<proof prover="4" steplimit="-1"><result status="valid" time="0.02" steps="89"/></proof>
<goal name="VC push" expl="VC for push" proved="true">
<proof prover="4"><result status="valid" time="0.23" steps="312"/></proof>
</goal>
<goal name="WP_parameter pop" expl="VC for pop">
<proof prover="4" steplimit="-1"><result status="valid" time="0.07" steps="89"/></proof>
<goal name="VC pop" expl="VC for pop" proved="true">
<proof prover="4"><result status="valid" time="0.15" steps="314"/></proof>
</goal>
<goal name="WP_parameter nop" expl="VC for nop">
<proof prover="4"><result status="valid" time="0.05" steps="66"/></proof>
</goal>
<goal name="eq_narrow" expl="">
<goal name="eq_narrow" proved="true">
<proof prover="4"><result status="valid" time="0.03" steps="79"/></proof>
</goal>
<goal name="eq_combine" expl="">
<goal name="eq_combine" proved="true">
<proof prover="4"><result status="valid" time="0.04" steps="78"/></proof>
</goal>
<goal name="eq_uint" expl="">
<proof prover="0"><result status="valid" time="0.90"/></proof>
<goal name="eq_uint" proved="true">
<proof prover="0"><result status="valid" time="0.14"/></proof>
</goal>
<goal name="uint_0" expl="">
<goal name="uint_0" proved="true">
<proof prover="4"><result status="valid" time="0.04" steps="68"/></proof>
</goal>
<goal name="uint_1" expl="">
<goal name="uint_1" proved="true">
<proof prover="4"><result status="valid" time="0.08" steps="72"/></proof>
</goal>
<goal name="uint_2" expl="">
<goal name="uint_2" proved="true">
<proof prover="4"><result status="valid" time="0.04" steps="74"/></proof>
</goal>
<goal name="uint_3" expl="">
<goal name="uint_3" proved="true">
<proof prover="4"><result status="valid" time="0.10" steps="76"/></proof>
</goal>
<goal name="uint_4" expl="">
<goal name="uint_4" proved="true">
<proof prover="4"><result status="valid" time="0.07" steps="78"/></proof>
</goal>
<goal name="uint_5" expl="">
<goal name="uint_5" proved="true">
<proof prover="4"><result status="valid" time="0.10" steps="80"/></proof>
</goal>
<goal name="uint_6" expl="">
<goal name="uint_6" proved="true">
<proof prover="4"><result status="valid" time="0.07" steps="82"/></proof>
</goal>
<goal name="uint_7" expl="">
<goal name="uint_7" proved="true">
<proof prover="4"><result status="valid" time="0.10" steps="84"/></proof>
</goal>
<goal name="uint_8" expl="">
<goal name="uint_8" proved="true">
<proof prover="4"><result status="valid" time="0.10" steps="86"/></proof>
</goal>
<goal name="uint_9" expl="">
<goal name="uint_9" proved="true">
<proof prover="4"><result status="valid" time="0.04" steps="88"/></proof>
</goal>
<goal name="uint_10" expl="">
<goal name="uint_10" proved="true">
<proof prover="4"><result status="valid" time="0.04" steps="92"/></proof>
</goal>
<goal name="uint_11" expl="">
<goal name="uint_11" proved="true">
<proof prover="4"><result status="valid" time="0.08" steps="96"/></proof>
</goal>
<goal name="uint_12" expl="">
<goal name="uint_12" proved="true">
<proof prover="4"><result status="valid" time="0.10" steps="100"/></proof>
</goal>
<goal name="uint_13" expl="">
<goal name="uint_13" proved="true">
<proof prover="4"><result status="valid" time="0.15" steps="104"/></proof>
</goal>
<goal name="uint_14" expl="">
<proof prover="4"><result status="valid" time="0.22" steps="108"/></proof>
<goal name="uint_14" proved="true">
<proof prover="4"><result status="valid" time="0.06" steps="108"/></proof>
</goal>
<goal name="uint_15" expl="">
<proof prover="4"><result status="valid" time="0.24" steps="112"/></proof>
<goal name="uint_15" proved="true">
<proof prover="4"><result status="valid" time="0.06" steps="112"/></proof>
</goal>
<goal name="uint_16" expl="">
<proof prover="4"><result status="valid" time="0.30" steps="116"/></proof>
<goal name="uint_16" proved="true">
<proof prover="4"><result status="valid" time="0.07" steps="116"/></proof>
</goal>
<goal name="uint_17" expl="">
<proof prover="4"><result status="valid" time="0.26" steps="120"/></proof>
<goal name="uint_17" proved="true">
<proof prover="4"><result status="valid" time="0.08" steps="120"/></proof>
</goal>
<goal name="uint_18" expl="">
<proof prover="4"><result status="valid" time="0.37" steps="124"/></proof>
<goal name="uint_18" proved="true">
<proof prover="4"><result status="valid" time="0.09" steps="124"/></proof>
</goal>
<goal name="uint_19" expl="">
<proof prover="4"><result status="valid" time="0.29" steps="128"/></proof>
<goal name="uint_19" proved="true">
<proof prover="4"><result status="valid" time="0.11" steps="128"/></proof>
</goal>
<goal name="uint_20" expl="">
<proof prover="4"><result status="valid" time="0.38" steps="132"/></proof>
<goal name="uint_20" proved="true">
<proof prover="4"><result status="valid" time="0.12" steps="132"/></proof>
</goal>
<goal name="uint_21" expl="">
<proof prover="4"><result status="valid" time="0.55" steps="136"/></proof>
<goal name="uint_21" proved="true">
<proof prover="4"><result status="valid" time="0.13" steps="136"/></proof>
</goal>
<goal name="uint_22" expl="">
<proof prover="4"><result status="valid" time="0.39" steps="140"/></proof>
<goal name="uint_22" proved="true">
<proof prover="4"><result status="valid" time="0.14" steps="140"/></proof>
</goal>
<goal name="uint_23" expl="">
<proof prover="4"><result status="valid" time="0.47" steps="144"/></proof>
<goal name="uint_23" proved="true">
<proof prover="4"><result status="valid" time="0.15" steps="144"/></proof>
</goal>
<goal name="uint_24" expl="">
<proof prover="4"><result status="valid" time="0.49" steps="148"/></proof>
<goal name="uint_24" proved="true">
<proof prover="4"><result status="valid" time="0.18" steps="148"/></proof>
</goal>
<goal name="uint_25" expl="">
<proof prover="4"><result status="valid" time="0.65" steps="152"/></proof>
<goal name="uint_25" proved="true">
<proof prover="4"><result status="valid" time="0.19" steps="152"/></proof>
</goal>
<goal name="uint_26" expl="">
<proof prover="4"><result status="valid" time="0.71" steps="156"/></proof>
<goal name="uint_26" proved="true">
<proof prover="4"><result status="valid" time="0.21" steps="156"/></proof>
</goal>
<goal name="uint_27" expl="">
<proof prover="4"><result status="valid" time="0.81" steps="160"/></proof>
<goal name="uint_27" proved="true">
<proof prover="4"><result status="valid" time="0.23" steps="160"/></proof>
</goal>
<goal name="uint_28" expl="">
<proof prover="4"><result status="valid" time="0.66" steps="164"/></proof>
<goal name="uint_28" proved="true">
<proof prover="4"><result status="valid" time="0.25" steps="164"/></proof>
</goal>
<goal name="uint_29" expl="">
<proof prover="4"><result status="valid" time="0.68" steps="168"/></proof>
<goal name="uint_29" proved="true">
<proof prover="4"><result status="valid" time="0.27" steps="168"/></proof>
</goal>
<goal name="uint_30" expl="">
<proof prover="4"><result status="valid" time="1.16" steps="172"/></proof>
<goal name="uint_30" proved="true">
<proof prover="4"><result status="valid" time="0.29" steps="172"/></proof>
</goal>
<goal name="uint_31" expl="">
<proof prover="4"><result status="valid" time="0.84" steps="176"/></proof>
<goal name="uint_31" proved="true">
<proof prover="4"><result status="valid" time="0.33" steps="176"/></proof>
</goal>
<goal name="uint_32" expl="">
<proof prover="4"><result status="valid" time="0.84" steps="180"/></proof>
<goal name="uint_32" proved="true">
<proof prover="4"><result status="valid" time="0.35" steps="180"/></proof>
</goal>
<goal name="WP_parameter movw" expl="VC for movw">
<proof prover="4"><result status="valid" time="0.13" steps="89"/></proof>
<goal name="VC movw" expl="VC for movw" proved="true">
<proof prover="4" timelimit="1"><result status="valid" time="0.30" steps="359"/></proof>
</goal>
<goal name="WP_parameter adiw" expl="VC for adiw">
<transf name="split_goal_wp">
<goal name="WP_parameter adiw.1" expl="type invariant">
<proof prover="5" steplimit="-1"><result status="valid" time="0.28"/></proof>
</goal>
<goal name="WP_parameter adiw.2" expl="postcondition">
<proof prover="5" steplimit="-1"><result status="valid" time="0.30"/></proof>
</goal>
<goal name="WP_parameter adiw.3" expl="postcondition">
<transf name="compute_in_goal">
<goal name="WP_parameter adiw.3.1" expl="postcondition">
<proof prover="5"><result status="valid" time="0.22"/></proof>
<goal name="VC adiw" expl="VC for adiw" proved="true">
<transf name="introduce_premises" proved="true" >
<goal name="VC adiw.0" expl="VC for adiw" proved="true">
<transf name="split_vc" proved="true" >
<goal name="VC adiw.0.0" expl="precondition" proved="true">
<proof prover="4" timelimit="60" memlimit="12000"><result status="valid" time="0.03" steps="68"/></proof>
</goal>
<goal name="VC adiw.0.1" expl="assertion" proved="true">
<proof prover="3"><result status="valid" time="0.12"/></proof>
</goal>
<goal name="VC adiw.0.2" expl="precondition" proved="true">
<proof prover="3"><result status="valid" time="0.05"/></proof>
</goal>
<goal name="VC adiw.0.3" expl="precondition" proved="true">
<proof prover="3"><result status="valid" time="0.05"/></proof>
</goal>
<goal name="VC adiw.0.4" expl="type invariant" proved="true">
<proof prover="4" timelimit="1"><result status="valid" time="0.15" steps="167"/></proof>
</goal>
<goal name="VC adiw.0.5" expl="postcondition" proved="true">
<proof prover="4" timelimit="1"><result status="valid" time="0.84" steps="726"/></proof>
</goal>
<goal name="VC adiw.0.6" expl="postcondition" proved="true">
<transf name="split_all_full" proved="true" >
<goal name="VC adiw.0.6.0" expl="postcondition" proved="true">
<proof prover="4" timelimit="5" memlimit="2000"><result status="valid" time="2.85" steps="194"/></proof>
</goal>
</transf>
</goal>
<goal name="VC adiw.0.7" expl="postcondition" proved="true">
<transf name="compute_in_goal" proved="true" >
<goal name="VC adiw.0.7.0" expl="postcondition" proved="true">
<proof prover="4" timelimit="1"><result status="valid" time="0.15" steps="99"/></proof>
</goal>
</transf>
</goal>
</transf>
</goal>
<goal name="WP_parameter adiw.4" expl="postcondition">
<transf name="compute_in_goal">
<goal name="WP_parameter adiw.4.1" expl="postcondition">
<proof prover="5"><result status="valid" time="0.23"/></proof>
</transf>
</goal>
<goal name="VC sbiw" expl="VC for sbiw" proved="true">
<transf name="compute_in_goal" proved="true" >
<goal name="VC sbiw.0" expl="VC for sbiw" proved="true">
<transf name="split_all_full" proved="true" >
<goal name="VC sbiw.0.0" expl="precondition" proved="true">
<proof prover="4" timelimit="60" memlimit="12000"><result status="valid" time="0.02" steps="68"/></proof>
</goal>
<goal name="VC sbiw.0.1" expl="postcondition" proved="true">
<proof prover="4" timelimit="60" memlimit="12000"><result status="valid" time="0.19" steps="136"/></proof>
</goal>
<goal name="VC sbiw.0.2" expl="postcondition" proved="true">
<proof prover="4" timelimit="60" memlimit="12000"><result status="valid" time="0.66" steps="227"/></proof>
</goal>
<goal name="VC sbiw.0.3" expl="postcondition" proved="true">
<proof prover="4" timelimit="60" memlimit="12000"><result status="valid" time="0.44" steps="192"/></proof>
</goal>
</transf>
</goal>
</transf>
</goal>
<goal name="WP_parameter sbiw" expl="VC for sbiw">
<transf name="split_goal_wp">
<goal name="WP_parameter sbiw.1" expl="precondition">
<proof prover="4" steplimit="0"><result status="valid" time="0.08" steps="68"/></proof>
</goal>
<goal name="WP_parameter sbiw.2" expl="precondition">
<proof prover="4" steplimit="0"><result status="valid" time="0.06" steps="71"/></proof>
</goal>
<goal name="WP_parameter sbiw.3" expl="postcondition">
<proof prover="5"><result status="valid" time="0.15"/></proof>
<goal name="VC add_" expl="VC for add_" proved="true">
<transf name="compute_in_goal" proved="true" >
<goal name="VC add_.0" expl="VC for add_" proved="true">
<transf name="split_all_full" proved="true" >
<goal name="VC add_.0.0" expl="type invariant" proved="true">
<proof prover="4" timelimit="60" memlimit="12000"><result status="valid" time="0.09" steps="163"/></proof>
</goal>
<goal name="VC add_.0.1" expl="postcondition" proved="true">
<proof prover="4" timelimit="1"><result status="valid" time="0.36" steps="200"/></proof>
</goal>
<goal name="VC add_.0.2" expl="postcondition" proved="true">
<proof prover="4" timelimit="1"><result status="valid" time="0.29" steps="126"/></proof>
</goal>
<goal name="VC add_.0.3" expl="type invariant" proved="true">
<proof prover="4" timelimit="1"><result status="valid" time="0.11" steps="170"/></proof>
</goal>
<goal name="VC add_.0.4" expl="postcondition" proved="true">
<proof prover="4" timelimit="1"><result status="valid" time="0.29" steps="215"/></proof>
</goal>
<goal name="VC add_.0.5" expl="postcondition" proved="true">
<transf name="introduce_premises" proved="true" >
<goal name="VC add_.0.5.0" expl="postcondition" proved="true">
<proof prover="3" timelimit="30" memlimit="4000"><result status="valid" time="10.41"/></proof>
</goal>
</transf>
</goal>
<goal name="VC add_.0.6" expl="type invariant" proved="true">
<proof prover="4" timelimit="1"><result status="valid" time="0.10" steps="175"/></proof>
</goal>
<goal name="VC add_.0.7" expl="postcondition" proved="true">
<proof prover="4" timelimit="1"><result status="valid" time="0.36" steps="215"/></proof>
</goal>
<goal name="VC add_.0.8" expl="postcondition" proved="true">
<proof prover="3"><result status="valid" time="0.71"/></proof>
</goal>
<goal name="VC add_.0.9" expl="type invariant" proved="true">
<proof prover="3"><result status="valid" time="0.05"/></proof>
</goal>
<goal name="VC add_.0.10" expl="postcondition" proved="true">
<proof prover="3"><result status="valid" time="0.05"/></proof>
</goal>
<goal name="VC add_.0.11" expl="postcondition" proved="true">
<proof prover="3"><result status="valid" time="0.05"/></proof>
</goal>
<goal name="VC add_.0.12" expl="type invariant" proved="true">
<proof prover="4" timelimit="1"><result status="valid" time="0.10" steps="171"/></proof>
</goal>
<goal name="VC add_.0.13" expl="postcondition" proved="true">
<proof prover="4" timelimit="1"><result status="valid" time="0.19" steps="201"/></proof>
</goal>
<goal name="VC add_.0.14" expl="postcondition" proved="true">
<proof prover="4" timelimit="5" memlimit="2000"><result status="valid" time="4.30" steps="1805"/></proof>
</goal>
</transf>
</goal>
<goal name="WP_parameter sbiw.4" expl="postcondition">
<transf name="compute_in_goal">
<goal name="WP_parameter sbiw.4.1" expl="postcondition">
<proof prover="5"><result status="valid" time="0.26"/></proof>
</transf>
</goal>
<goal name="VC sub_" expl="VC for sub_" proved="true">
<transf name="compute_in_goal" proved="true" >
<goal name="VC sub_.0" expl="VC for sub_" proved="true">
<transf name="split_vc" proved="true" >
<goal name="VC sub_.0.0" expl="type invariant" proved="true">
<proof prover="4" timelimit="1"><result status="valid" time="0.11" steps="172"/></proof>
</goal>
<goal name="VC sub_.0.1" expl="postcondition" proved="true">
<transf name="split_all_full" proved="true" >
<goal name="VC sub_.0.1.0" expl="postcondition" proved="true">
<proof prover="4" timelimit="30" memlimit="4000"><result status="valid" time="19.73" steps="724"/></proof>
</goal>
</transf>
</goal>
<goal name="VC sub_.0.2" expl="postcondition" proved="true">
<transf name="split_all_full" proved="true" >
<goal name="VC sub_.0.2.0" expl="postcondition" proved="true">
<proof prover="4" timelimit="5" memlimit="2000"><result status="valid" time="3.30" steps="570"/></proof>
</goal>
</transf>
</goal>
</transf>
</goal>
<goal name="WP_parameter sbiw.5" expl="postcondition">
<transf name="compute_in_goal">
<goal name="WP_parameter sbiw.5.1" expl="postcondition">
<proof prover="5"><result status="valid" time="0.26"/></proof>
</transf>
</goal>
<goal name="VC inc_" expl="VC for inc_" proved="true">
<transf name="split_all_full" proved="true" >
<goal name="VC inc_.0" expl="type invariant" proved="true">
<proof prover="4" timelimit="1"><result status="valid" time="0.05" steps="139"/></proof>
</goal>
<goal name="VC inc_.1" expl="postcondition" proved="true">
<transf name="compute_in_goal" proved="true" >
<goal name="VC inc_.1.0" expl="postcondition" proved="true">
<transf name="introduce_premises" proved="true" >
<goal name="VC inc_.1.0.0" expl="postcondition" proved="true">
<proof prover="3" timelimit="30" memlimit="4000"><result status="valid" time="25.23"/></proof>
</goal>
</transf>
</goal>
</transf>
</goal>
</transf>
</goal>
<goal name="WP_parameter add_" expl="VC for add_">
<transf name="split_goal_wp">
<goal name="WP_parameter add_.1" expl="type invariant">
<proof prover="4"><result status="valid" time="0.14" steps="146"/></proof>
<goal name="VC dec_" expl="VC for dec_" proved="true">
<proof prover="4"><result status="valid" time="0.14" steps="157"/></proof>
</goal>
<goal name="VC eor" expl="VC for eor" proved="true">
<proof prover="4"><result status="valid" time="0.25" steps="442"/></proof>
</goal>
<goal name="VC clr" expl="VC for clr" proved="true">
<proof prover="3"><result status="valid" time="0.05"/></proof>
</goal>
<goal name="VC com" expl="VC for com" proved="true">
<proof prover="4" timelimit="1"><result status="valid" time="0.25" steps="406"/></proof>
</goal>
<goal name="VC asr" expl="VC for asr" proved="true">
<transf name="split_vc" proved="true" >
<goal name="VC asr.0" expl="type invariant" proved="true">
<proof prover="4" timelimit="60" memlimit="12000"><result status="valid" time="0.07" steps="123"/></proof>
</goal>
<goal name="VC asr.1" expl="postcondition" proved="true">